VIR Vulnerability Intelligence Relay

Search

Found 937 results in 156ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-1418 medium 6.4 FIX ubuntu ubuntudebian debian djangoproject 12y ago Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attacke…
CVE-2014-0209 medium 4.6 FIX ubuntu ubuntudebian debian x 12y ago Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a di…
CVE-2011-4407 medium 4.3 FIX ubuntu ubuntudebian debian canonical 12y ago ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys fo…
CVE-2014-3145 medium 4.9 FIX debian debianubuntu ubuntu linux-kernel 12y ago The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows …
CVE-2014-3144 medium 4.9 FIX debian debianubuntu ubuntu linux-kernel 12y ago The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain l…
CVE-2014-3122 medium 4.9 FIX debian debianubuntu ubuntu linux-kernel 12y ago The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system c…
CVE-2014-0190 medium 4.3 ubuntu ubuntususe susefedora fedora qt 12y ago The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image.
CVE-2013-4544 medium 4.9 FIX ubuntu ubuntudebian debian qemu 12y ago hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers o…
CVE-2014-3204 medium 4.4 ubuntu ubuntu ayatana_project 12y ago Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demo…
CVE-2014-3203 medium 4.4 ubuntu ubuntu ayatana_project 12y ago Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and ex…
CVE-2013-7374 medium 4.6 ubuntu ubuntu 12y ago The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypa…
CVE-2014-0471 medium 5.0 FIX debian debianubuntu ubuntu debian 12y ago Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted …
CVE-2014-1530 medium 6.1 6.1 ubuntu ubuntudebian debian rhel mozilla 12y ago The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL wi…
CVE-2014-1526 medium 6.8 ubuntu ubuntususe susefedora fedora mozilla 12y ago The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is vis…
CVE-2014-1523 medium 6.5 6.5 ubuntu ubuntudebian debian rhel mozilla 12y ago Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a…
CVE-2011-3152 medium 6.4 ubuntu ubuntu canonical 12y ago DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25…
CVE-2014-0473 medium 5.0 FIX ubuntu ubuntudebian debian djangoproject 12y ago The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to…
CVE-2014-0472 medium 5.1 FIX ubuntu ubuntudebian debian djangoproject 12y ago The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Pyth…
CVE-2011-3154 low 1.9 ubuntu ubuntu canonical 12y ago DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 d…
CVE-2011-4406 low 3.6 FIX debian debianubuntu ubuntu canonical 12y ago The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified v…
CVE-2014-2413 medium 4.3 ubuntu ubuntu oracle 12y ago Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.
CVE-2014-2403 medium 5.0 debian debianubuntu ubuntu oracle 12y ago Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.
CVE-2014-2398 low 3.5 debian debianubuntu ubuntu oracleibm 12y ago Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related…
CVE-2014-0460 medium 5.8 debian debianubuntu ubuntu oraclejuniper 12y ago Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vecto…
CVE-2014-0459 medium 4.3 FIX debian debianubuntu ubuntu oracle 12y ago Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
CVE-2014-0453 medium 4.0 debian debianubuntu ubuntu oraclejuniperibm 12y ago Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unkno…
CVE-2011-3628 medium 6.9 FIX ubuntu ubuntudebian debian canonical 12y ago Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ub…
CVE-2013-5704 medium 5.0 FIX debian debian rhelmacos macos apacheredhatoracle 12y ago The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…
CVE-2014-2568 low 2.9 FIX slesdebian debianubuntu ubuntu 12y ago Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory…
CVE-2014-2497 medium 4.3 FIX debian debianubuntu ubuntususe suse php 12y ago The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a c…
CVE-2014-2241 medium 6.8 FIX debian debianubuntu ubuntu freetype 12y ago The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to c…
CVE-2014-0098 medium 5.0 FIX debian debianubuntu ubuntu apacheoracle 12y ago The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon cra…
CVE-2013-6438 medium 5.0 FIX debian debianubuntu ubuntu apacheoracle 12y ago The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote atta…
CVE-2014-2270 medium 4.3 FIX debian debianubuntu ubuntususe suse file_projectphp 12y ago softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE execu…
CVE-2013-6476 medium 4.4 FIX debian debianubuntu ubuntufedora fedora linuxfoundation 12y ago The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same…
CVE-2013-6475 medium 6.8 FIX debian debianubuntu ubuntufedora fedora linuxfoundation 12y ago Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a c…
CVE-2013-6474 medium 6.8 FIX debian debianubuntu ubuntufedora fedora linuxfoundation 12y ago Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2013-6473 medium 6.8 FIX debian debianubuntu ubuntu linuxfoundation 12y ago Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
CVE-2013-4496 medium 5.0 FIX ubuntu ubuntudebian debian samba 12y ago Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obta…
CVE-2014-0004 medium 6.9 FIX ubuntu ubuntudebian debian freedesktop 12y ago Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
CVE-2011-3153 low 1.9 FIX debian debianubuntu ubuntu robert_ancell 12y ago dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
CVE-2011-3634 low 2.6 FIX debian debianubuntu ubuntu debian 12y ago methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository cre…
CVE-2014-2038 low 2.1 FIX debian debianubuntu ubuntu linux-kernel 12y ago The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows …
CVE-2014-1874 medium 4.9 FIX debian debiansuse suseubuntu ubuntu 12y ago The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_…
CVE-2014-1690 low 2.6 FIX debian debianubuntu ubuntu linux-kernel 12y ago The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in whic…
CVE-2014-1943 medium 5.0 FIX debian debianubuntu ubuntu fine_free_file_projectphp 13y ago Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
CVE-2013-7327 medium 6.8 ubuntu ubuntu php 13y ago The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspeci…
CVE-2012-3406 medium 6.8 FIX debian debian rhelubuntu ubuntu gnuredhat 13y ago The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SP…
CVE-2012-3405 medium 5.0 FIX debian debian rhelubuntu ubuntu gnuredhat 13y ago The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to …
CVE-2012-3404 medium 5.0 FIX debian debian rhelubuntu ubuntu gnuredhat 13y ago The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to …
CVE-2013-6393 medium 6.8 FIX debian debiansuse suseubuntu ubuntu pyyamlredhat 13y ago Heap Based Buffer Overflow in libyaml
CVE-2013-2038 medium 4.3 FIX slesdebian debianubuntu ubuntu gpsd_project 13y ago The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpret…
CVE-2014-1491 medium 4.3 FIX debian debiansuse suseubuntu ubuntu mozillaoracle 13y ago Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does n…
CVE-2014-1489 medium 4.3 suse suseubuntu ubuntu mozilla 13y ago Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore…
CVE-2014-1483 medium 5.0 suse suseubuntu ubuntu mozillasuse 13y ago Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain t…
CVE-2014-1480 medium 4.3 suse suseubuntu ubuntu mozilla 13y ago The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjac…
CVE-2011-4613 medium 5.6 EXPFIX ubuntu ubuntudebian debian x.org 13y ago The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restricti…
CVE-2011-3377 medium 4.3 FIX debian debiansuse suseubuntu ubuntu redhat 13y ago The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network conne…
CVE-2011-2725 medium 6.8 suse suseubuntu ubuntu kde 13y ago Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVE-2013-6891 low 1.2 FIX debian debianubuntu ubuntu apple 13y ago lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cup…
CVE-2013-0339 medium 6.8 FIX debian debianubuntu ubuntususe suse xmlsoft 13y ago libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote at…
CVE-2013-2037 low 2.6 FIX ubuntu ubuntudebian debian httplib2_project 13y ago httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the …
CVE-2013-6425 medium 5.0 FIX debian debianubuntu ubuntususe suse pixman 13y ago Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) v…
CVE-2013-6424 medium 5.0 FIX debian debianubuntu ubuntususe suse pixman 13y ago Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
CVE-2014-0437 low 3.5 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unk…
CVE-2014-0420 low 2.8 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…
CVE-2014-0412 medium 4.0 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unk…
CVE-2014-0402 medium 4.0 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unk…
CVE-2014-0401 medium 4.0 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unk…
CVE-2014-0393 low 3.3 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknow…
CVE-2014-0386 medium 4.0 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unk…
CVE-2013-5908 low 2.6 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vecto…
CVE-2013-5891 medium 4.0 debian debianubuntu ubuntu rhel oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related …
CVE-2013-4969 low 2.1 FIX slesdebian debianubuntu ubuntu puppetlabspuppet 13y ago Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
CVE-2013-6422 medium 4.0 FIX debian debianubuntu ubuntu haxx 13y ago The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fie…
CVE-2013-6391 medium 5.8 FIX debian debianubuntu ubuntu openstackredhat 13y ago The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to …
CVE-2012-6151 medium 5.3 EXPFIX debian debianmacos macosubuntu ubuntu net-snmp 13y ago Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, …
CVE-2013-6673 medium 5.9 5.9 fedora fedorasuse suseubuntu ubuntu mozillasuse 13y ago Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it e…
CVE-2013-6672 medium 4.3 linux-kernelfedora fedorasuse suse mozilla 13y ago Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.
CVE-2013-5614 medium 4.3 fedora fedorasuse suseubuntu ubuntu mozilla 13y ago Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attacker…
CVE-2013-5612 medium 4.3 fedora fedorasuse suseubuntu ubuntu mozilla 13y ago Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Orig…
CVE-2013-5611 medium 5.8 fedora fedorasuse suseubuntu ubuntu mozilla 13y ago Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing…
CVE-2012-6150 low 3.6 FIX ubuntu ubuntudebian debian samba 13y ago The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which all…
CVE-2013-6712 medium 5.0 macos macossuse suseubuntu ubuntu php 13y ago The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of servi…
CVE-2013-4459 low 3.3 FIX debian debianubuntu ubuntu robert_ancell 13y ago LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
CVE-2013-1058 medium 5.8 ubuntu ubuntu canonical 13y ago maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.
CVE-2013-6858 medium 4.3 FIX debian debiansuse suseubuntu ubuntu openstack 13y ago Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" …
CVE-2013-4474 medium 6.0 EXPFIX ubuntu ubuntudebian debian freedesktop 13y ago Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in …
CVE-2010-3443 medium 5.0 FIX ubuntu ubuntudebian debian quassel-irc 13y ago ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIV…
CVE-2013-6629 medium 5.0 FIX slesdebian debianfedora fedora googleartifexlibjpeg-turbo 13y ago The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain dup…
CVE-2013-1057 medium 4.4 ubuntu ubuntu canonical 13y ago Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current wo…
CVE-2013-4475 medium 4.0 FIX debian debianubuntu ubuntu samba 13y ago Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restricti…
CVE-2013-4402 medium 5.0 FIX debian debianubuntu ubuntu gnupg 13y ago The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
CVE-2013-1056 low 1.9 FIX ubuntu ubuntudebian debian 13y ago X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files.
CVE-2013-4428 low 3.5 FIX debian debianubuntu ubuntu openstack 13y ago OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to ca…
CVE-2013-1067 medium 4.9 ubuntu ubuntu 13y ago Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
CVE-2013-5807 medium 4.9 rhelubuntu ubuntudebian debian oraclemariadb 13y ago Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to…
CVE-2013-3839 medium 4.0 rhelubuntu ubuntudebian debian oraclemariadb 13y ago Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unk…
CVE-2013-4256 medium 4.6 FIX ubuntu ubuntudebian debian radscan 13y ago Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display …
CVE-2013-2099 medium 4.3 FIX debian debianubuntu ubuntu python 13y ago Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python v…