- EPSS 1.81%
- Veröffentlicht 02.05.2013 14:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history in...
- EPSS 2.57%
- Veröffentlicht 02.05.2013 14:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors ...
CVE-2013-1926
- EPSS 1.87%
- Veröffentlicht 29.04.2013 22:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets vi...
CVE-2013-1927
- EPSS 4.32%
- Veröffentlicht 29.04.2013 22:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
- EPSS 4.99%
- Veröffentlicht 29.04.2013 22:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
CVE-2013-0338
- EPSS 2.86%
- Veröffentlicht 25.04.2013 23:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entit...
CVE-2013-2423
- EPSS 85.33%
- Veröffentlicht 17.04.2013 18:55:07
- Zuletzt bearbeitet 22.04.2026 13:06:26
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is...
CVE-2013-1899
- EPSS 54.31%
- Veröffentlicht 04.04.2013 17:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration setti...
CVE-2013-1900
- EPSS 4.51%
- Veröffentlicht 04.04.2013 17:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors relat...
- EPSS 3.3%
- Veröffentlicht 04.04.2013 17:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.