Search Results
- CPE Product Version: cpe:/o:opensuse:opensuse:12.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-4508 | lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. Published: November 07, 2013; 11:47:22 PM -0500 | V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2013-2065 | (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. Published: November 02, 2013; 3:55:04 PM -0400 | V3.x: (not available) V2.0: 6.4 MEDIUM |
CVE-2013-4885 | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. Published: October 26, 2013; 1:55:03 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2013-4365 | Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Published: October 17, 2013; 7:55:04 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-2190 | The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. Published: October 17, 2013; 7:55:04 PM -0400 | V3.x: (not available) V2.0: 2.1 LOW |
CVE-2013-4389 | Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. Published: October 16, 2013; 8:55:03 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-2927 | Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements. Published: October 16, 2013; 4:55:06 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2013-4344 | Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. Published: October 04, 2013; 1:55:09 PM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2013-4288 | Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. Published: October 03, 2013; 5:55:04 PM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2013-2919 | Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Published: October 02, 2013; 6:35:35 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-2217 | cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. Published: September 23, 2013; 4:55:07 PM -0400 | V3.x: (not available) V2.0: 1.2 LOW |
CVE-2013-4123 | client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. Published: September 16, 2013; 3:14:38 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2013-5018 | The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow. Published: August 28, 2013; 7:55:10 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-4111 | The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: August 28, 2013; 5:55:08 PM -0400 | V3.x: (not available) V2.0: 5.8 MEDIUM |
CVE-2013-2161 | XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. Published: August 20, 2013; 6:55:04 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2013-5029 | phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Published: August 19, 2013; 7:55:09 PM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2013-4852 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. Published: August 19, 2013; 7:55:09 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2013-4242 | GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Published: August 19, 2013; 7:55:09 PM -0400 | V3.x: (not available) V2.0: 1.9 LOW |
CVE-2013-2145 | The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/. Published: August 19, 2013; 7:55:08 PM -0400 | V3.x: (not available) V2.0: 4.4 MEDIUM |
CVE-2013-1872 | The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. Published: August 19, 2013; 7:55:08 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |