CVE-2013-1418
- EPSS 5.51%
- Veröffentlicht 18.11.2013 03:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon ...
CVE-2013-6621
- EPSS 1.77%
- Veröffentlicht 13.11.2013 15:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
- EPSS 9.02%
- Veröffentlicht 13.11.2013 15:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file an...
CVE-2013-4508
- EPSS 2.63%
- Veröffentlicht 08.11.2013 04:47:22
- Zuletzt bearbeitet 29.04.2026 01:13:23
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
CVE-2013-4135
- EPSS 1.86%
- Veröffentlicht 05.11.2013 21:55:12
- Zuletzt bearbeitet 29.04.2026 01:13:23
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-4134
- EPSS 0.76%
- Veröffentlicht 05.11.2013 21:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
CVE-2013-4494
- EPSS 0.67%
- Veröffentlicht 02.11.2013 18:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
CVE-2013-4391
- EPSS 5.34%
- Veröffentlicht 28.10.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buf...
CVE-2013-4394
- EPSS 0.34%
- Veröffentlicht 28.10.2013 22:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration f...
CVE-2013-4365
- EPSS 13.14%
- Veröffentlicht 17.10.2013 23:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.