Export limit exceeded: 345876 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345876 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2024-11-21 | 7.5 High |
| The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | ||||
| CVE-2013-1891 | 2 Microsoft, Opencart | 2 Windows, Opencart | 2024-11-21 | 6.5 Medium |
| In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. | ||||
| CVE-2013-1889 | 1 Mod Ruid2 Project | 1 Mod Ruid2 | 2024-11-21 | 7.5 High |
| mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. | ||||
| CVE-2013-1867 | 1 Apple | 2 Mac Os X, Tokend | 2024-11-21 | 6.1 Medium |
| Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability | ||||
| CVE-2013-1866 | 2 Apple, Opensc Project | 2 Mac Os X, Opensc | 2024-11-21 | 6.1 Medium |
| OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability | ||||
| CVE-2013-1820 | 2 Fedoraproject, Redhat | 2 Fedora, Tuned | 2024-11-21 | 5.5 Medium |
| tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | ||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 7.5 High |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | ||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 7.5 High |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | ||||
| CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2024-11-21 | 4.3 Medium |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | ||||
| CVE-2013-1809 | 2 Debian, Gambas Project | 2 Debian Linux, Gambas | 2024-11-21 | 7.5 High |
| Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | ||||
| CVE-2013-1793 | 1 Redhat | 2 Openstack, Openstack Essex | 2024-11-21 | 7.5 High |
| openstack-utils openstack-db has insecure password creation | ||||
| CVE-2013-1771 | 1 Monkey-project | 1 Monkey | 2024-11-21 | 7.5 High |
| The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. | ||||
| CVE-2013-1760 | 1 Thebuggenie | 1 The Bug Genie | 2024-11-21 | 6.1 Medium |
| The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities | ||||
| CVE-2013-1753 | 2 Python, Redhat | 3 Python, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | ||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.8 Critical |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | ||||
| CVE-2013-1744 | 1 Iris Citations Management Tool Project | 1 Iris Citations Management Tool | 2024-11-21 | 9.8 Critical |
| IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. | ||||
| CVE-2013-1689 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. | ||||
| CVE-2013-1666 | 1 Foswiki | 1 Foswiki | 2024-11-21 | 9.8 Critical |
| Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. | ||||
| CVE-2013-1642 | 1 Quixplorer Project | 1 Quixplorer | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php. | ||||
| CVE-2013-1634 | 1 Intel | 2 82574l Controller, 82574l Controller Firmware | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image. | ||||