The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
Max CVSS
7.2
EPSS Score
0.06%
Published
2013-04-29
Updated
2024-02-02
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Max CVSS
4.0
EPSS Score
0.39%
Published
2013-04-17
Updated
2022-08-29
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
Max CVSS
3.0
EPSS Score
0.06%
Published
2013-04-17
Updated
2022-09-21
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Max CVSS
4.0
EPSS Score
0.39%
Published
2013-04-17
Updated
2022-08-29
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
Max CVSS
6.5
EPSS Score
0.23%
Published
2013-04-17
Updated
2022-07-19
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
6.5
EPSS Score
0.23%
Published
2013-04-17
Updated
2022-07-19
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
Max CVSS
4.7
EPSS Score
0.06%
Published
2013-04-29
Updated
2023-02-13
The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.
Max CVSS
4.7
EPSS Score
0.04%
Published
2013-04-29
Updated
2023-02-13
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
Max CVSS
6.8
EPSS Score
3.22%
Published
2013-04-29
Updated
2018-10-30
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a crafted applet.
Max CVSS
5.8
EPSS Score
0.44%
Published
2013-04-29
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-04-02
Updated
2023-02-13
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.
Max CVSS
4.4
EPSS Score
0.04%
Published
2013-04-10
Updated
2017-08-29
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Max CVSS
4.0
EPSS Score
0.39%
Published
2013-04-17
Updated
2022-08-26
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
6.5
EPSS Score
0.23%
Published
2013-04-17
Updated
2022-07-19
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
Max CVSS
3.5
EPSS Score
0.39%
Published
2013-04-17
Updated
2022-09-16
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Max CVSS
4.0
EPSS Score
0.39%
Published
2013-04-17
Updated
2022-08-26
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Max CVSS
4.0
EPSS Score
0.39%
Published
2013-04-17
Updated
2022-08-26
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
Max CVSS
6.5
EPSS Score
0.23%
Published
2013-04-17
Updated
2022-07-19
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
Max CVSS
6.5
EPSS Score
0.23%
Published
2013-04-17
Updated
2022-07-18
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
Max CVSS
2.8
EPSS Score
0.39%
Published
2013-04-17
Updated
2022-09-21
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Max CVSS
4.0
EPSS Score
95.63%
Published
2013-04-19
Updated
2021-02-02
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.
Max CVSS
5.0
EPSS Score
6.88%
Published
2013-04-03
Updated
2022-12-21
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.
Max CVSS
5.0
EPSS Score
0.33%
Published
2013-04-12
Updated
2013-04-15
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets.
Max CVSS
7.5
EPSS Score
0.89%
Published
2013-04-12
Updated
2013-04-15
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-04-10
Updated
2013-04-11
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!