Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
OpensuseOpensuse

16 matches found

CVE
CVEadded 2013/08/18 2:52 a.m.225 views

CVE-2013-4238

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate iss...

4.3CVSS6.2AI score0.04364EPSS
CVE
CVEadded 2013/08/06 2:56 a.m.174 views

CVE-2013-4124

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

5CVSS6.7AI score0.86808EPSS
CVE
CVEadded 2013/08/09 10:55 p.m.139 views

CVE-2013-4115

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

7.5CVSS8.4AI score0.65539EPSS
CVE
CVEadded 2013/08/15 5:55 p.m.107 views

CVE-2013-2132

bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."

4.3CVSS7.3AI score0.02605EPSS
CVE
CVEadded 2013/08/19 11:55 p.m.101 views

CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

1.9CVSS6AI score0.0009EPSS
CVE
CVEadded 2013/08/20 10:55 p.m.87 views

CVE-2013-2161

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

7.5CVSS9.3AI score0.00329EPSS
CVE
CVEadded 2013/08/19 11:55 p.m.75 views

CVE-2013-1872

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants...

6.8CVSS7.5AI score0.03297EPSS
CVE
CVEadded 2013/08/19 11:55 p.m.69 views

CVE-2013-4852

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the S...

6.8CVSS7.7AI score0.01751EPSS
CVE
CVEadded 2013/08/28 9:55 p.m.61 views

CVE-2013-3495

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt ...

4.7CVSS5AI score0.00076EPSS
CVE
CVEadded 2013/08/28 9:55 p.m.60 views

CVE-2013-4111

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the...

5.8CVSS6.3AI score0.0025EPSS
CVE
CVEadded 2013/08/14 3:55 p.m.59 views

CVE-2013-2126

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.

7.5CVSS8.1AI score0.03225EPSS
CVE
CVEadded 2013/08/29 12:7 p.m.58 views

CVE-2013-5588

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

4.3CVSS7.5AI score0.00329EPSS
CVE
CVEadded 2013/08/29 12:7 p.m.49 views

CVE-2013-5589

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS9AI score0.00417EPSS
CVE
CVEadded 2013/08/28 11:55 p.m.47 views

CVE-2013-5018

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x0...

4.3CVSS6.4AI score0.02902EPSS
CVE
CVEadded 2013/08/19 11:55 p.m.46 views

CVE-2013-2145

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

4.4CVSS7.2AI score0.00198EPSS
CVE
CVEadded 2013/08/19 11:55 p.m.44 views

CVE-2013-5029

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

4.3CVSS6AI score0.01725EPSS