CVE-2013-1063
- EPSS 0.37%
- Veröffentlicht 03.10.2013 21:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitU...
CVE-2013-1064
- EPSS 0.38%
- Veröffentlicht 03.10.2013 21:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSub...
CVE-2013-1065
- EPSS 0.37%
- Veröffentlicht 03.10.2013 21:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a ...
CVE-2013-1066
- EPSS 0.38%
- Veröffentlicht 03.10.2013 21:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnix...
CVE-2013-5745
- EPSS 8.72%
- Veröffentlicht 01.10.2013 17:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authenticatio...
- EPSS 3.93%
- Veröffentlicht 30.09.2013 22:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecifie...
CVE-2013-4222
- EPSS 1.89%
- Veröffentlicht 30.09.2013 22:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
- EPSS 2.68%
- Veröffentlicht 30.09.2013 21:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized po...
CVE-2013-4314
- EPSS 1.2%
- Veröffentlicht 30.09.2013 21:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craft...
CVE-2013-4343
- EPSS 0.36%
- Veröffentlicht 25.09.2013 10:31:29
- Zuletzt bearbeitet 29.04.2026 01:13:23
Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call.