Export limit exceeded: 26270 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26270 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4112 2 Jgroups, Redhat 5 Jgroup, Jboss Data Grid, Jboss Enterprise Application Platform and 2 more 2025-04-11 N/A
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
CVE-2013-4129 1 Linux 1 Linux Kernel 2025-04-11 N/A
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
CVE-2013-4165 1 Bitcoin 1 Bitcoin Core 2025-04-11 N/A
The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack.
CVE-2013-4180 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-4183 2 Openstack, Redhat 2 Cinder, Openstack 2025-04-11 N/A
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2012-6543 1 Linux 1 Linux Kernel 2025-04-11 N/A
The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2013-4762 1 Puppet 1 Puppet Enterprise 2025-04-11 N/A
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.
CVE-2013-4766 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component.
CVE-2013-4780 1 Siemens 2 Enterprise Openscape Branch, Openscape Session Border Controller 2025-04-11 N/A
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-4788 1 Gnu 2 Eglibc, Glibc 2025-04-11 N/A
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
CVE-2013-4829 1 Hp 22 Color Laserjet Cm4540, Color Laserjet Cm4540f, Color Laserjet Cm4540fskm and 19 more 2025-04-11 N/A
HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.
CVE-2013-4832 1 Hp 1 Service Manager 2025-04-11 N/A
HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2013-4924 1 Wireshark 1 Wireshark 2025-04-11 N/A
epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
CVE-2013-4930 1 Wireshark 1 Wireshark 2025-04-11 N/A
The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
CVE-2013-4955 1 Puppet 1 Puppet Enterprise 2025-04-11 N/A
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
CVE-2013-4961 1 Puppet 1 Puppet Enterprise 2025-04-11 N/A
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
CVE-2013-5029 2 Opensuse, Phpmyadmin 2 Opensuse, Phpmyadmin 2025-04-11 N/A
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
CVE-2013-5045 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2013-5054 1 Microsoft 2 Office, Office 2013 Rt 2025-04-11 N/A
Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in 2013, aka "Token Hijacking Vulnerability."
CVE-2012-6542 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.