Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-2175 |
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. Published: August 19, 2013; 9:07:58 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2162 |
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials. Published: August 19, 2013; 9:07:40 AM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-4248 |
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: August 17, 2013; 10:52:23 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2132 |
bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef." Published: August 15, 2013; 1:55:24 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2126 |
Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file. Published: August 14, 2013; 11:55:06 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4124 |
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Published: August 05, 2013; 10:56:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2174 |
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Published: July 31, 2013; 9:20:25 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2112 |
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. Published: July 31, 2013; 9:20:24 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2013-1968 |
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Published: July 31, 2013; 9:20:24 AM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2013-4002 |
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. Published: July 23, 2013; 7:03:19 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2013-4668 |
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c. Published: July 18, 2013; 12:51:40 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-3812 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. Published: July 17, 2013; 9:41:16 AM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-3809 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. Published: July 17, 2013; 9:41:16 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-3804 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Published: July 17, 2013; 9:41:16 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-3802 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Published: July 17, 2013; 9:41:16 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-3793 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. Published: July 17, 2013; 9:41:16 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-3783 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. Published: July 17, 2013; 9:41:16 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-1896 |
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. Published: July 10, 2013; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-2064 |
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Published: June 15, 2013; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-1987 |
Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. Published: June 15, 2013; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |