CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6986 | low | — | 2.1 | 13y ago | The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by pass… | |||
| CVE-2013-3929 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script … | |||
| CVE-2013-0222 | low | — | 2.1 | 13y ago | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a … | |||
| CVE-2013-4354 | low | — | 2.1 | 13y ago | The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. | |||
| CVE-2013-4393 | low | — | 2.1 | 13y ago | journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. | |||
| CVE-2013-5191 | low | — | 2.1 | 13y ago | The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Gue… | |||
| CVE-2013-5186 | low | — | 2.1 | 13y ago | Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive informati… | |||
| CVE-2013-5173 | low | — | 2.1 | 13y ago | The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temp… | |||
| CVE-2013-5162 | low | — | 2.1 | 13y ago | Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcod… | |||
| CVE-2013-4293 | low | — | 2.1 | 13y ago | The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files. | |||
| CVE-2013-2190 | low | — | 2.1 | 13y ago | The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which c… | |||
| CVE-2013-5837 | low | — | 2.1 | 13y ago | Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0… | |||
| CVE-2013-5770 | low | — | 2.1 | 13y ago | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. | |||
| CVE-2013-3842 | low | — | 2.1 | 13y ago | Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM). | |||
| CVE-2013-2013 | low | — | 2.1 | 13y ago | The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the pro… | |||
| CVE-2013-4361 | low | — | 2.1 | 13y ago | The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by r… | |||
| CVE-2013-5380 | low | — | 2.1 | 13y ago | IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-4292 | low | — | 2.1 | 13y ago | libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote… | |||
| CVE-2013-5964 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to in… | |||
| CVE-2013-4820 | low | — | 2.1 | 13y ago | Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Age… | |||
| CVE-2013-5158 | low | — | 2.1 | 13y ago | The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Tw… | |||
| CVE-2013-5153 | low | — | 2.1 | 13y ago | Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||
| CVE-2013-4183 | low | — | 2.1 | 13y ago | The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive i… | |||
| CVE-2013-1030 | low | — | 2.1 | 13y ago | mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||
| CVE-2013-5724 | low | — | 2.1 | 13y ago | Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. | |||
| CVE-2013-4274 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Dr… | |||
| CVE-2013-4138 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any artic… | |||
| CVE-2013-2978 | low | — | 2.1 | 13y ago | Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Re… | |||
| CVE-2013-4218 | low | — | 2.1 | 13y ago | The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 … | |||
| CVE-2013-4217 | low | — | 2.1 | 13y ago | The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for In… | |||
| CVE-2013-4216 | low | — | 2.1 | 13y ago | The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMA… | |||
| CVE-2013-4229 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script … | |||
| CVE-2013-4959 | low | — | 2.1 | 13y ago | Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host na… | |||
| CVE-2013-4208 | low | — | 2.1 | 13y ago | The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow loca… | |||
| CVE-2013-4140 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary… | |||
| CVE-2013-2362 | low | — | 2.1 | 13y ago | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676. | |||
| CVE-2013-3790 | low | — | 2.1 | 13y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown … | |||
| CVE-2013-3745 | low | — | 2.1 | 13y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. | |||
| CVE-2013-0245 | low | — | 2.1 | 13y ago | The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows rem… | |||
| CVE-2013-2096 | low | — | 2.1 | 13y ago | OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by cr… | |||
| CVE-2013-3273 | low | — | 2.1 | 13y ago | EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which… | |||
| CVE-2013-3272 | low | — | 2.1 | 13y ago | EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an … | |||
| CVE-2013-2237 | low | — | 2.1 | 13y ago | The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from k… | |||
| CVE-2013-2234 | low | — | 2.1 | 13y ago | The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obta… | |||
| CVE-2013-2164 | low | — | 2.1 | 13y ago | The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfun… | |||
| CVE-2013-1971 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of… | |||
| CVE-2013-1393 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary … | |||
| CVE-2013-0947 | low | — | 2.1 | 13y ago | EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) c… | |||
| CVE-2013-2148 | low | — | 2.1 | 13y ago | The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive i… | |||
| CVE-2013-2147 | low | — | 2.1 | 13y ago | The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to… | |||
| CVE-2013-2141 | low | — | 2.1 | 13y ago | The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via… | |||
| CVE-2013-3952 | low | — | 2.1 | 13y ago | The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_… | |||
| CVE-2013-3949 | low | — | 2.1 | 13y ago | The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, whi… | |||
| CVE-2013-0985 | low | — | 2.1 | 13y ago | Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) … | |||
| CVE-2013-0941 | low | — | 2.1 | 13y ago | EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Win… | |||
| CVE-2013-2006 | low | — | 2.1 | 13y ago | OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by readin… | |||
| CVE-2013-1977 | low | — | 2.1 | 13y ago | OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | |||
| CVE-2013-1940 | low | — | 2.1 | 13y ago | X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain se… | |||
| CVE-2013-1845 | low | — | 2.1 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting… | |||
| CVE-2013-1956 | low | — | 2.1 | 13y ago | The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows l… | |||
| CVE-2013-2415 | low | — | 2.1 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors rela… | |||
| CVE-2013-1560 | low | — | 2.1 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vec… | |||
| CVE-2013-1887 | low | — | 2.1 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or H… | |||
| CVE-2013-2715 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject… | |||
| CVE-2013-1787 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inje… | |||
| CVE-2013-1786 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitr… | |||
| CVE-2013-1785 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to in… | |||
| CVE-2013-1784 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrar… | |||
| CVE-2013-1783 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes per… | |||
| CVE-2013-1782 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web… | |||
| CVE-2013-1781 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject a… | |||
| CVE-2013-1780 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web… | |||
| CVE-2013-1779 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrar… | |||
| CVE-2013-1778 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script… | |||
| CVE-2013-0324 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus an… | |||
| CVE-2013-0260 | low | — | 2.1 | 13y ago | Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. | |||
| CVE-2013-0259 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web scri… | |||
| CVE-2013-0980 | low | — | 2.1 | 13y ago | The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveragin… | |||
| CVE-2013-0978 | low | — | 2.1 | 13y ago | The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to… | |||
| CVE-2013-0227 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML v… | |||
| CVE-2013-0225 | low | — | 2.1 | 13y ago | Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer us… | |||
| CVE-2013-2548 | low | — | 2.1 | 13y ago | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation,… | |||
| CVE-2013-2547 | low | — | 2.1 | 13y ago | The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which al… | |||
| CVE-2013-2546 | low | — | 2.1 | 13y ago | The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive informatio… | |||
| CVE-2013-0162 | low | — | 2.1 | 14y ago | ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name | |||
| CVE-2013-0265 | low | — | 2.1 | 14y ago | The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. | |||
| CVE-2013-0241 | low | — | 2.1 | 14y ago | The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex … | |||
| CVE-2013-0218 | low | — | 2.1 | 14y ago | The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows… | |||
| CVE-2013-0963 | low | — | 2.1 | 14y ago | Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging… | |||
| CVE-2013-0390 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vec… | |||
| CVE-2013-0370 | low | — | 2.1 | 14y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors rel… | |||
| CVE-2013-4469 | low | — | 1.9 | 4y ago | OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (ho… | |||
| CVE-2013-7336 | low | — | 1.9 | 12y ago | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a… | |||
| CVE-2013-4509 | low | — | 1.9 | 13y ago | The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allo… | |||
| CVE-2013-6384 | low | — | 1.9 | 13y ago | (1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to… | |||
| CVE-2013-0223 | low | — | 1.9 | 13y ago | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i… | |||
| CVE-2013-4481 | low | — | 1.9 | 13y ago | Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive inf… | |||
| CVE-2013-4425 | low | — | 1.9 | 13y ago | The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtai… | |||
| CVE-2013-3287 | low | — | 1.9 | 13y ago | EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console. | |||
| CVE-2013-1056 | low | — | 1.9 | 13y ago | X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files. |