Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4401 | 1 Redhat | 1 Libvirt | 2023-11-07 | 8.5 HIGH | N/A |
| The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-2876 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page. | |||||
| CVE-2013-2881 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 5.8 MEDIUM | N/A |
| Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2013-2834 | 1 Google | 1 Chrome Os | 2023-11-07 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. | |||||
| CVE-2013-2874 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-07 | 4.3 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures. | |||||
| CVE-2013-2930 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 3.6 LOW | N/A |
| The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. | |||||
| CVE-2013-2835 | 1 Google | 1 Chrome Os | 2023-11-07 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834. | |||||
| CVE-2013-2905 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. | |||||
| CVE-2013-2866 | 1 Google | 2 Chrome, Chrome Os | 2023-11-07 | 4.3 MEDIUM | N/A |
| The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. | |||||
| CVE-2013-2929 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 3.3 LOW | N/A |
| The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. | |||||
| CVE-2013-0922 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors. | |||||
| CVE-2013-0838 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2023-11-07 | 7.5 HIGH | N/A |
| Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors. | |||||
| CVE-2013-0921 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | N/A |
| The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site. | |||||
| CVE-2013-1635 | 1 Php | 1 Php | 2023-11-07 | 7.5 HIGH | N/A |
| ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. | |||||
| CVE-2013-2214 | 1 Nagios | 1 Nagios | 2023-11-07 | 4.0 MEDIUM | N/A |
| status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor "decided to change it for Nagios 4" and 3.5.1. | |||||
| CVE-2013-0918 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | N/A |
| Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | |||||
| CVE-2013-0924 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors. | |||||
| CVE-2013-0925 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors. | |||||
| CVE-2013-0914 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 3.6 LOW | N/A |
| The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. | |||||
| CVE-2013-2051 | 1 Redhat | 1 Enterprise Linux | 2023-11-07 | 2.6 LOW | N/A |
| The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887. | |||||