Export limit exceeded: 343567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343567 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4228 | 1 Organic Groups Project | 1 Organic Groups | 2024-11-21 | 4.3 Medium |
| The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | ||||
| CVE-2013-4227 | 1 Mozilla | 1 Persona | 2024-11-21 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type. | ||||
| CVE-2013-4226 | 1 Drupal | 1 Authenticated User Page Caching | 2024-11-21 | 6.5 Medium |
| The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. | ||||
| CVE-2013-4225 | 2 Redhat, Restful Web Services Project | 2 Satellite, Restful Web Services | 2024-11-21 | 8.8 High |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | ||||
| CVE-2013-4211 | 1 Openx | 1 Openx | 2024-11-21 | 9.8 Critical |
| A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code | ||||
| CVE-2013-4209 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | N/A |
| Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. | ||||
| CVE-2013-4201 | 2 Katello, Redhat | 2 Katello, Satellite | 2024-11-21 | N/A |
| Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | ||||
| CVE-2013-4187 | 1 Flippy Project | 1 Flippy | 2024-11-21 | 6.5 Medium |
| The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node. | ||||
| CVE-2013-4184 | 2 Data\, Debian | 2 \, Debian Linux | 2024-11-21 | 5.5 Medium |
| Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | ||||
| CVE-2013-4176 | 1 Mysecureshell Project | 1 Mysecureshell | 2024-11-21 | 5.5 Medium |
| mysecureshell 1.31: Local Information Disclosure Vulnerability | ||||
| CVE-2013-4175 | 1 Mysecureshell Project | 1 Mysecureshell | 2024-11-21 | 5.5 Medium |
| MySecureShell 1.31 has a Local Denial of Service Vulnerability | ||||
| CVE-2013-4170 | 1 Emberjs | 1 Ember.js | 2024-11-21 | 6.1 Medium |
| In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. | ||||
| CVE-2013-4168 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | ||||
| CVE-2013-4166 | 2 Gnome, Redhat | 6 Evolution, Evolution Data Server, Enterprise Linux and 3 more | 2024-11-21 | 7.5 High |
| The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | ||||
| CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.8 High |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | ||||
| CVE-2013-4158 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-11-21 | 6.1 Medium |
| smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | ||||
| CVE-2013-4144 | 1 Swfupload Project | 1 Swfupload | 2024-11-21 | 9.8 Critical |
| There is an object injection vulnerability in swfupload plugin for wordpress. | ||||
| CVE-2013-4133 | 2 Debian, Kde | 2 Debian Linux, Kde-workspace | 2024-11-21 | 7.5 High |
| kde-workspace before 4.10.5 has a memory leak in plasma desktop | ||||
| CVE-2013-4120 | 1 Theforeman | 1 Katello | 2024-11-21 | 7.5 High |
| Katello has a Denial of Service vulnerability in API OAuth authentication | ||||
| CVE-2013-4110 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.3 Medium |
| Cryptocat has an Unspecified Chat Participant User List Disclosure | ||||