Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3495 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-11 | N/A |
| The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). | ||||
| CVE-2013-3500 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
| The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script. | ||||
| CVE-2013-1813 | 3 Busybox, Redhat, T-mobile | 3 Busybox, Enterprise Linux, Tm-ac1900 | 2025-04-11 | N/A |
| util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. | ||||
| CVE-2013-3519 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | N/A |
| lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. | ||||
| CVE-2013-1863 | 1 Samba | 1 Samba | 2025-04-11 | N/A |
| Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. | ||||
| CVE-2013-1897 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-11 | N/A |
| The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. | ||||
| CVE-2013-1903 | 1 Postgresql | 1 Postgresql | 2025-04-11 | N/A |
| PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors. | ||||
| CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2025-04-11 | N/A |
| The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
| CVE-2013-1908 | 3 Acquia, Commons Wikis Project, Drupal | 3 Commons, Commons Wikis, Drupal | 2025-04-11 | N/A |
| The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
| CVE-2013-1919 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." | ||||
| CVE-2013-1920 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. | ||||
| CVE-2013-1925 | 1 Chaos Tool Suite Project | 1 Ctools | 2025-04-11 | N/A |
| The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list. | ||||
| CVE-2013-1956 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. | ||||
| CVE-2013-1959 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. | ||||
| CVE-2013-1964 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | ||||
| CVE-2012-3524 | 2 Freedesktop, Redhat | 2 Libdbus, Enterprise Linux | 2025-04-11 | N/A |
| libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the applications that do not cleanse environment variables, not in libdbus itself: "we do not support use of libdbus in setuid binaries that do not sanitize their environment before their first call into libdbus." | ||||
| CVE-2013-2030 | 1 Openstack | 4 Compute, Folsom, Grizzly and 1 more | 2025-04-11 | N/A |
| keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | ||||
| CVE-2011-1473 | 1 Openssl | 1 Openssl | 2025-04-11 | N/A |
| OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment | ||||
| CVE-2011-3190 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | ||||
| CVE-2013-2065 | 2 Opensuse, Ruby-lang | 2 Opensuse, Ruby | 2025-04-11 | N/A |
| (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. | ||||