CVE-2013-0256
- EPSS 3.62%
- Veröffentlicht 01.03.2013 05:40:17
- Zuletzt bearbeitet 29.04.2026 01:13:23
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
- EPSS 2.97%
- Veröffentlicht 24.02.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows re...
- EPSS 3.24%
- Veröffentlicht 24.02.2013 19:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of...
CVE-2012-5624
- EPSS 1.94%
- Veröffentlicht 24.02.2013 19:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML applicati...
CVE-2012-6093
- EPSS 1.78%
- Veröffentlicht 24.02.2013 19:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an ...
CVE-2013-0894
- EPSS 1.71%
- Veröffentlicht 23.02.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other ...
CVE-2013-0765
- EPSS 2.75%
- Veröffentlicht 19.02.2013 23:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-0772
- EPSS 1.96%
- Veröffentlicht 19.02.2013 23:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read an...
CVE-2013-0773
- EPSS 2.36%
- Veröffentlicht 19.02.2013 23:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modi...
CVE-2013-0774
- EPSS 1.31%
- Veröffentlicht 19.02.2013 23:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspeci...