Skip to main content
CVE-2013-6858 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-4545 MEDIUM This Month

cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

OpenSSL Information Disclosure Curl Libcurl
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4485 MEDIUM This Month

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux 389 Directory Server Directory Server
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-0786 LOW Monitor

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Augeas
NVD GitHub
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-6607 LOW Monitor

The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup. Rated low severity (CVSS 3.3). No vendor patch available.

Path Traversal Augeas
NVD GitHub
CVSS 2.0
3.3
EPSS
0.0%
CVE-2013-0222 LOW Monitor

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse Enterprise Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4354 LOW Monitor

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Image Registry And Delivery Service Glance
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4509 LOW PATCH Monitor

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which. Rated low severity (CVSS 1.9).

Authentication Bypass Ibus Opensuse
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4481 LOW Monitor

Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Race Condition Luci Enterprise Linux
NVD
CVSS 2.0
1.9
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy