CVE-2013-1060
- EPSS 0.44%
- Veröffentlicht 25.09.2013 10:31:26
- Zuletzt bearbeitet 29.04.2026 01:13:23
A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuratio...
CVE-2013-4202
- EPSS 2.6%
- Veröffentlicht 16.09.2013 19:14:38
- Zuletzt bearbeitet 29.04.2026 01:13:23
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity...
- EPSS 2.63%
- Veröffentlicht 20.08.2013 22:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable asserti...
CVE-2013-4242
- EPSS 0.53%
- Veröffentlicht 19.08.2013 23:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
CVE-2013-1872
- EPSS 2.61%
- Veröffentlicht 19.08.2013 23:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access,...
CVE-2013-2145
- EPSS 0.56%
- Veröffentlicht 19.08.2013 23:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module ...
CVE-2013-3567
- EPSS 3.41%
- Veröffentlicht 19.08.2013 23:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.
- EPSS 3.52%
- Veröffentlicht 19.08.2013 13:07:58
- Zuletzt bearbeitet 29.04.2026 01:13:23
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP hea...
CVE-2013-2162
- EPSS 0.35%
- Veröffentlicht 19.08.2013 13:07:40
- Zuletzt bearbeitet 29.04.2026 01:13:23
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local ...
CVE-2013-4248
- EPSS 3.59%
- Veröffentlicht 18.08.2013 02:52:23
- Zuletzt bearbeitet 29.04.2026 01:13:23
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-...