Total
5484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1834 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. | ||||
| CVE-2013-1859 | 2 Chris Desautels, Drupal | 2 Node Parameter Control, Drupal | 2025-04-11 | N/A |
| The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors. | ||||
| CVE-2013-1863 | 1 Samba | 1 Samba | 2025-04-11 | N/A |
| Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. | ||||
| CVE-2013-1897 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-11 | N/A |
| The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. | ||||
| CVE-2013-1903 | 1 Postgresql | 1 Postgresql | 2025-04-11 | N/A |
| PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors. | ||||
| CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2025-04-11 | N/A |
| The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
| CVE-2013-1908 | 3 Acquia, Commons Wikis Project, Drupal | 3 Commons, Commons Wikis, Drupal | 2025-04-11 | N/A |
| The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | ||||
| CVE-2013-1925 | 1 Chaos Tool Suite Project | 1 Ctools | 2025-04-11 | N/A |
| The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list. | ||||
| CVE-2013-1940 | 3 Canonical, Redhat, X | 3 Ubuntu Linux, Enterprise Linux, X.org-xserver | 2025-04-11 | N/A |
| X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. | ||||
| CVE-2013-1957 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. | ||||
| CVE-2013-1958 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. | ||||
| CVE-2013-1959 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A |
| kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. | ||||
| CVE-2013-1964 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. | ||||
| CVE-2013-1977 | 1 Openstack | 1 Devstack | 2025-04-11 | N/A |
| OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | ||||
| CVE-2013-2007 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2025-04-11 | N/A |
| The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. | ||||
| CVE-2013-2030 | 1 Openstack | 4 Compute, Folsom, Grizzly and 1 more | 2025-04-11 | N/A |
| keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | ||||
| CVE-2013-2051 | 1 Redhat | 1 Enterprise Linux | 2025-04-11 | N/A |
| The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887. | ||||
| CVE-2013-2069 | 1 Redhat | 2 Enterprise Linux, Livecd-tools | 2025-04-11 | N/A |
| Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges. | ||||
| CVE-2013-2077 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. | ||||
| CVE-2013-2080 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report. | ||||