CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1918 | medium | — | 4.7 | 13y ago | Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table tra… | |||
| CVE-2013-3497 | medium | — | 4.7 | 13y ago | Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attack… | |||
| CVE-2013-1959 | low | — | 4.7 | 13y ago | kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a … | |||
| CVE-2013-2015 | medium | — | 4.7 | 13y ago | The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers … | |||
| CVE-2013-1928 | medium | — | 4.7 | 13y ago | The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive… | |||
| CVE-2013-1957 | medium | — | 4.7 | 13y ago | The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only propert… | |||
| CVE-2013-3231 | medium | — | 4.7 | 13y ago | The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel … | |||
| CVE-2013-1494 | medium | — | 4.7 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2013-1792 | medium | — | 4.7 | 13y ago | Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and sys… | |||
| CVE-2013-0309 | medium | — | 4.7 | 14y ago | arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial o… | |||
| CVE-2013-0153 | medium | — | 4.7 | 14y ago | The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to … | |||
| CVE-2013-0152 | medium | — | 4.7 | 14y ago | Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not prope… | |||
| CVE-2013-6501 | medium | — | 4.6 | 11y ago | The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL … | |||
| CVE-2013-2027 | medium | — | 4.6 | 12y ago | Jython Improper Access Restrictions vulnerability | |||
| CVE-2013-6306 | medium | — | 4.6 | 12y ago | Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges … | |||
| CVE-2013-0204 | medium | — | 4.6 | 12y ago | settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | |||
| CVE-2013-6975 | medium | — | 4.6 | 12y ago | Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | |||
| CVE-2013-7374 | medium | — | 4.6 | 12y ago | The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypa… | |||
| CVE-2013-7221 | medium | — | 4.6 | 12y ago | The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute ar… | |||
| CVE-2013-7220 | medium | — | 4.6 | 12y ago | js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus o… | |||
| CVE-2013-7348 | medium | — | 4.6 | 12y ago | Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other i… | |||
| CVE-2013-2089 | medium | — | 4.6 | 12y ago | Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the … | |||
| CVE-2013-6412 | medium | — | 4.6 | 13y ago | The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be… | |||
| CVE-2013-5888 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2013-5821 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. | |||
| CVE-2013-5010 | medium | — | 4.6 | 13y ago | The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x … | |||
| CVE-2013-7042 | medium | — | 4.6 | 13y ago | SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2013-6432 | medium | — | 4.6 | 13y ago | The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service… | |||
| CVE-2013-4465 | medium | — | 4.6 | 13y ago | Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file… | |||
| CVE-2013-5550 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operatio… | |||
| CVE-2013-4370 | medium | — | 4.6 | 13y ago | The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corr… | |||
| CVE-2013-5008 | medium | — | 4.6 | 13y ago | The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across d… | |||
| CVE-2013-4256 | medium | — | 4.6 | 13y ago | Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display … | |||
| CVE-2013-4326 | medium | — | 4.6 | 13y ago | RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Po… | |||
| CVE-2013-4324 | medium | — | 4.6 | 13y ago | spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by l… | |||
| CVE-2013-4311 | medium | — | 4.6 | 13y ago | libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race c… | |||
| CVE-2013-1066 | medium | — | 4.6 | 13y ago | language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass inte… | |||
| CVE-2013-1065 | medium | — | 4.6 | 13y ago | backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a Po… | |||
| CVE-2013-1064 | medium | — | 4.6 | 13y ago | apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restr… | |||
| CVE-2013-1063 | medium | — | 4.6 | 13y ago | usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass i… | |||
| CVE-2013-1062 | medium | — | 4.6 | 13y ago | ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass in… | |||
| CVE-2013-1061 | medium | — | 4.6 | 13y ago | dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authorit… | |||
| CVE-2013-3467 | medium | — | 4.6 | 13y ago | Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of serv… | |||
| CVE-2013-4033 | medium | — | 4.6 | 13y ago | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | |||
| CVE-2013-3464 | medium | — | 4.6 | 13y ago | Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo … | |||
| CVE-2013-0943 | medium | — | 4.6 | 13y ago | EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. | |||
| CVE-2013-3028 | medium | — | 4.6 | 13y ago | Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via u… | |||
| CVE-2013-2339 | medium | — | 4.6 | 13y ago | HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Th… | |||
| CVE-2013-3927 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging re… | |||
| CVE-2013-3951 | medium | — | 4.6 | 13y ago | sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users… | |||
| CVE-2013-2119 | medium | — | 4.6 | 13y ago | Phusion Passenger Denial of Service | |||
| CVE-2013-1136 | medium | — | 4.6 | 13y ago | The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor c… | |||
| CVE-2013-1240 | medium | — | 4.6 | 13y ago | The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue2… | |||
| CVE-2013-2418 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity… | |||
| CVE-2013-1523 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors relate… | |||
| CVE-2013-0977 | medium | — | 4.6 | 13y ago | dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requi… | |||
| CVE-2013-0151 | medium | — | 4.6 | 13y ago | The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause … | |||
| CVE-2013-1819 | medium | — | 4.6 | 13y ago | The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and sy… | |||
| CVE-2013-1048 | medium | — | 4.6 | 13y ago | The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not proper… | |||
| CVE-2013-0407 | medium | — | 4.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. | |||
| CVE-2013-3728 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat para… | |||
| CVE-2013-6232 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page. | |||
| CVE-2013-0177 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all… | |||
| CVE-2013-7274 | low | — | 4.5 | 13y ago | Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. | |||
| CVE-2013-7194 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1… | |||
| CVE-2013-7025 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before… | |||
| CVE-2013-3617 | low | — | 4.5 | 13y ago | The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity refe… | |||
| CVE-2013-5572 | low | — | 4.5 | 13y ago | Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code. | |||
| CVE-2013-1648 | low | — | 4.5 | 13y ago | The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authentic… | |||
| CVE-2013-2299 | low | — | 4.5 | 13y ago | Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspec… | |||
| CVE-2013-5317 | low | — | 4.5 | 13y ago | Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php. | |||
| CVE-2013-3803 | low | — | 4.5 | 13y ago | Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users… | |||
| CVE-2013-1874 | medium | — | 4.4 | 12y ago | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | |||
| CVE-2013-4215 | medium | — | 4.4 | 12y ago | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||
| CVE-2013-0296 | medium | — | 4.4 | 12y ago | Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local… | |||
| CVE-2013-6476 | medium | — | 4.4 | 12y ago | The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same… | |||
| CVE-2013-6024 | medium | — | 4.4 | 13y ago | The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory… | |||
| CVE-2013-3713 | medium | — | 4.4 | 13y ago | The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensiti… | |||
| CVE-2013-5973 | medium | — | 4.4 | 13y ago | VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Serv… | |||
| CVE-2013-6378 | medium | — | 4.4 | 13y ago | The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a… | |||
| CVE-2013-1057 | medium | — | 4.4 | 13y ago | Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current wo… | |||
| CVE-2013-4371 | medium | — | 4.4 | 13y ago | Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the real… | |||
| CVE-2013-5161 | medium | — | 4.4 | 13y ago | Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or rea… | |||
| CVE-2013-3037 | medium | — | 4.4 | 13y ago | Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. | |||
| CVE-2013-2035 | medium | — | 4.4 | 13y ago | Improper Control of Generation of Code in HawtJNI | |||
| CVE-2013-2145 | medium | — | 4.4 | 13y ago | The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special u… | |||
| CVE-2013-3136 | medium | — | 4.4 | 13y ago | The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page… | |||
| CVE-2013-4136 | medium | — | 4.4 | 13y ago | ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a… | |||
| CVE-2013-1929 | medium | — | 4.4 | 13y ago | Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (sys… | |||
| CVE-2013-3302 | medium | — | 4.4 | 13y ago | Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly ha… | |||
| CVE-2013-1219 | medium | — | 4.4 | 13y ago | SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initia… | |||
| CVE-2013-0413 | medium | — | 4.4 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service. | |||
| CVE-2013-1920 | medium | — | 4.4 | 13y ago | Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain… | |||
| CVE-2013-2777 | medium | — | 4.4 | 13y ago | sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hi… | |||
| CVE-2013-2776 | medium | — | 4.4 | 13y ago | sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling ter… | |||
| CVE-2013-1776 | medium | — | 4.4 | 13y ago | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions t… | |||
| CVE-2013-0224 | medium | — | 4.4 | 13y ago | The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | |||
| CVE-2013-4314 | medium | — | 4.3 | 4y ago | The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle a… | |||
| CVE-2013-4193 | medium | — | 4.3 | 4y ago | typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers … | |||
| CVE-2013-2209 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arb… |