| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2013-0254 |
264 |
|
|
2013-02-06 |
2021-06-16 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. |
|
252 |
CVE-2013-0247 |
399 |
|
DoS |
2013-02-24 |
2018-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. |
|
253 |
CVE-2013-0242 |
119 |
|
DoS Overflow Mem. Corr. |
2013-02-08 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. |
|
254 |
CVE-2013-0241 |
399 |
|
DoS |
2013-02-13 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information. |
|
255 |
CVE-2013-0238 |
20 |
1
|
DoS |
2013-02-13 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed. |
|
256 |
CVE-2013-0231 |
119 |
|
DoS Overflow |
2013-02-13 |
2017-08-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. |
|
257 |
CVE-2013-0220 |
119 |
|
DoS Overflow |
2013-02-24 |
2013-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. |
|
258 |
CVE-2013-0219 |
264 |
|
|
2013-02-24 |
2019-04-22 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. |
|
259 |
CVE-2013-0218 |
200 |
|
+Info |
2013-02-05 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. |
|
260 |
CVE-2013-0217 |
399 |
|
DoS |
2013-02-18 |
2013-08-22 |
5.2 |
None |
Local Network |
Medium |
??? |
None |
None |
Complete |
|
Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. |
|
261 |
CVE-2013-0216 |
20 |
|
DoS |
2013-02-18 |
2013-08-22 |
5.2 |
None |
Local Network |
Medium |
??? |
None |
None |
Complete |
|
The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. |
|
262 |
CVE-2013-0214 |
352 |
|
CSRF |
2013-02-02 |
2018-10-30 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. |
|
263 |
CVE-2013-0213 |
20 |
|
|
2013-02-02 |
2018-10-30 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. |
|
264 |
CVE-2013-0212 |
200 |
|
+Info |
2013-02-24 |
2015-02-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages. |
|
265 |
CVE-2013-0208 |
264 |
|
|
2013-02-13 |
2017-08-29 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. |
|
266 |
CVE-2013-0190 |
20 |
|
DoS |
2013-02-13 |
2013-03-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. |
|
267 |
CVE-2013-0189 |
119 |
|
DoS Overflow |
2013-02-08 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. |
|
268 |
CVE-2013-0176 |
399 |
|
DoS |
2013-02-05 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet. |
|
269 |
CVE-2013-0170 |
416 |
|
DoS Exec Code |
2013-02-08 |
2020-10-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. |
|
270 |
CVE-2013-0169 |
310 |
|
|
2013-02-08 |
2019-10-09 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. |
|
271 |
CVE-2013-0166 |
310 |
|
DoS |
2013-02-08 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. |
|
272 |
CVE-2013-0164 |
264 |
|
|
2013-02-24 |
2013-02-25 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. |
|
273 |
CVE-2013-0160 |
200 |
|
+Info |
2013-02-18 |
2017-11-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. |
|
274 |
CVE-2013-0158 |
|
|
|
2013-02-24 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors. |
|
275 |
CVE-2013-0153 |
|
|
DoS |
2013-02-14 |
2017-08-29 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests. |
|
276 |
CVE-2013-0152 |
399 |
|
DoS |
2013-02-13 |
2013-10-11 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not properly handled. |
|
277 |
CVE-2013-0120 |
20 |
|
DoS |
2013-02-24 |
2013-02-25 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The web interface on Dell PowerConnect 6248P switches allows remote attackers to cause a denial of service (device crash) via a malformed request. |
|
278 |
CVE-2013-0118 |
16 |
|
|
2013-02-24 |
2013-02-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. |
|
279 |
CVE-2013-0113 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-02-24 |
2013-02-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document. |
|
280 |
CVE-2013-0108 |
94 |
|
Exec Code |
2013-02-24 |
2013-02-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document. |
|
281 |
CVE-2013-0077 |
94 |
|
Exec Code |
2013-02-13 |
2019-02-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability." |
|
282 |
CVE-2013-0076 |
399 |
|
+Priv |
2013-02-13 |
2020-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability." |
|
283 |
CVE-2013-0075 |
|
|
DoS |
2013-02-13 |
2020-09-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability." |
|
284 |
CVE-2013-0073 |
264 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." |
|
285 |
CVE-2013-0030 |
119 |
|
Exec Code Overflow Mem. Corr. |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability." |
|
286 |
CVE-2013-0029 |
399 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability." |
|
287 |
CVE-2013-0028 |
399 |
|
Exec Code |
2013-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability." |
|
288 |
CVE-2013-0027 |
399 |
|
Exec Code |
2013-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability." |
|
289 |
CVE-2013-0026 |
399 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability." |
|
290 |
CVE-2013-0025 |
399 |
|
Exec Code |
2013-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability." |
|
291 |
CVE-2013-0024 |
399 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." |
|
292 |
CVE-2013-0023 |
399 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability." |
|
293 |
CVE-2013-0022 |
399 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." |
|
294 |
CVE-2013-0021 |
399 |
|
Exec Code |
2013-02-13 |
2021-09-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability." |
|
295 |
CVE-2013-0020 |
399 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability." |
|
296 |
CVE-2013-0019 |
399 |
|
Exec Code |
2013-02-13 |
2020-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability." |
|
297 |
CVE-2013-0018 |
399 |
|
Exec Code |
2013-02-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability." |
|
298 |
CVE-2013-0015 |
200 |
|
+Info |
2013-02-13 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability." |
|
299 |
CVE-2012-6533 |
119 |
|
Overflow +Priv |
2013-02-18 |
2013-02-20 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. |
|
300 |
CVE-2012-6532 |
399 |
|
DoS |
2013-02-13 |
2013-05-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. |
