Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1854 | 2 Redhat, Rubyonrails | 3 Enterprise Linux, Rails, Ruby On Rails | 2023-02-12 | 5.0 MEDIUM | N/A |
| The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. | |||||
| CVE-2013-0329 | 1 Jenkins | 1 Jenkins | 2023-02-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. | |||||
| CVE-2013-0328 | 1 Jenkins | 1 Jenkins | 2023-02-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0327 | 1 Jenkins | 1 Jenkins | 2023-02-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. | |||||
| CVE-2013-1819 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.6 MEDIUM | N/A |
| The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. | |||||
| CVE-2013-0288 | 1 Arthurdejong | 1 Nss-pam-ldapd | 2023-02-12 | 6.8 MEDIUM | N/A |
| nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro. | |||||
| CVE-2013-1774 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2023-02-12 | 4.0 MEDIUM | N/A |
| The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. | |||||
| CVE-2013-1773 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2023-02-12 | 6.2 MEDIUM | N/A |
| Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. | |||||
| CVE-2013-1767 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.2 MEDIUM | N/A |
| Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. | |||||
| CVE-2013-1763 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
| Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. | |||||
| CVE-2013-0349 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 1.9 LOW | N/A |
| The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. | |||||
| CVE-2013-0313 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.2 MEDIUM | N/A |
| The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an attempted removexattr operation on an inode of a sockfs filesystem. | |||||
| CVE-2013-0311 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 6.5 MEDIUM | N/A |
| The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. | |||||
| CVE-2013-0310 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 6.6 MEDIUM | N/A |
| The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. | |||||
| CVE-2013-0309 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-02-12 | 4.7 MEDIUM | N/A |
| arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2013-0290 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | N/A |
| The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application. | |||||
| CVE-2013-0333 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2023-02-12 | 7.5 HIGH | N/A |
| lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156. | |||||
| CVE-2013-0268 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.2 MEDIUM | N/A |
| The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. | |||||
| CVE-2013-0241 | 3 Canonical, Qxl Graphics Driver Project, Redhat | 5 Ubuntu Linux, Xf86-video-qxl, Enterprise Linux Desktop and 2 more | 2023-02-12 | 2.1 LOW | N/A |
| The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-0263 | 1 Rack Project | 1 Rack | 2023-02-12 | 5.1 MEDIUM | N/A |
| Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. | |||||