Gentoo : Security Vulnerabilities, CVEs, Published In 2013
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
Max CVSS
5.0
EPSS Score
0.68%
Published
2013-11-18
Updated
2016-10-18
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
Max CVSS
4.3
EPSS Score
0.42%
Published
2013-11-18
Updated
2016-12-31
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-12-13
Updated
2023-02-13
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
Max CVSS
6.8
EPSS Score
42.55%
Published
2013-10-28
Updated
2013-10-29
4 vulnerabilities found