CVE-2013-1860
- EPSS 0.82%
- Veröffentlicht 22.03.2013 11:59:11
- Zuletzt bearbeitet 29.04.2026 01:13:23
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a craf...
CVE-2013-1052
- EPSS 0.45%
- Veröffentlicht 21.03.2013 17:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo.
CVE-2013-1051
- EPSS 1.34%
- Veröffentlicht 21.03.2013 17:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-...
- EPSS 4.93%
- Veröffentlicht 20.03.2013 16:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbit...
CVE-2013-1652
- EPSS 1.86%
- Veröffentlicht 20.03.2013 16:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's ...
CVE-2013-1653
- EPSS 5.38%
- Veröffentlicht 20.03.2013 16:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote ...
- EPSS 2.95%
- Veröffentlicht 20.03.2013 16:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessio...
- EPSS 2.91%
- Veröffentlicht 20.03.2013 16:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for oth...
CVE-2013-2566
- EPSS 84.42%
- Veröffentlicht 15.03.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that u...
CVE-2013-0249
- EPSS 22.91%
- Veröffentlicht 08.03.2013 22:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash...