Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 178712 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2013-4269 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4267. Reason: This issue was MERGED into CVE-2013-4267 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-4267 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4268 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4267. Reason: This issue was MERGED into CVE-2013-4267 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-4267 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4267 Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php). HIGH Feb 12, 2020 n/a
CVE-2013-4266 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5123. Reason: This candidate is a reservation duplicate of CVE-2013-5123. Notes: All CVE users should reference CVE-2013-5123 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4257 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4256. Reason: This issue was MERGED into CVE-2013-4256 because it is the same type of vulnerability. Notes: All CVE users should reference CVE-2013-4256 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4253 The deployment script in the unsupported OpenShift Extras set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user\'s authorized_keys file. -- Oct 21, 2022 n/a
CVE-2013-4252 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none -- Nov 7, 2023 n/a
CVE-2013-4251 The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. MEDIUM Nov 8, 2019 n/a
CVE-2013-4246 libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. -- Nov 1, 2017 n/a
CVE-2013-4245 Orca has arbitrary code execution due to insecure Python module load MEDIUM Dec 13, 2019 n/a
CVE-2013-4241 Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page). MEDIUM Feb 3, 2020 n/a
CVE-2013-4235 shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees LOW Dec 13, 2019 n/a
CVE-2013-4228 The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. MEDIUM Feb 26, 2020 n/a
CVE-2013-4227 Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security token that is not a string data type. MEDIUM Feb 27, 2020 n/a
CVE-2013-4226 The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. MEDIUM Feb 26, 2020 n/a
CVE-2013-4225 The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the access resource node and create page content permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. MEDIUM Feb 11, 2020 n/a
CVE-2013-4224 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4187. Reason: This candidate is a duplicate of CVE-2013-4187. Notes: All CVE users should reference CVE-2013-4187 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4211 A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code HIGH Feb 14, 2020 n/a
CVE-2013-4209 Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. LOW May 1, 2018 n/a
CVE-2013-4201 Katello allows remote authenticated users to call the system remove_deletion CLI command via vectors related to remove system permissions. MEDIUM May 1, 2018 n/a
CVE-2013-4187 The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node. MEDIUM Feb 6, 2020 n/a
CVE-2013-4186 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. -- Nov 7, 2023 n/a
CVE-2013-4184 Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks LOW Dec 10, 2019 n/a
CVE-2013-4176 mysecureshell 1.31: Local Information Disclosure Vulnerability LOW Jan 27, 2020 n/a
CVE-2013-4175 MySecureShell 1.31 has a Local Denial of Service Vulnerability LOW Jan 27, 2020 n/a
CVE-2013-4170 In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view\'s `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (XSS). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. LOW Jun 30, 2022 n/a
CVE-2013-4168 Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. MEDIUM Nov 4, 2019 n/a
CVE-2013-4166 The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. MEDIUM Feb 10, 2020 n/a
CVE-2013-4161 gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. HIGH Jan 9, 2020 n/a
CVE-2013-4158 smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) MEDIUM Dec 11, 2019 n/a
CVE-2013-4146 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4145 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4144 There is an object injection vulnerability in swfupload plugin for wordpress. HIGH Jun 30, 2022 n/a
CVE-2013-4142 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3969. Reason: This candidate is a duplicate of CVE-2013-3969. Notes: All CVE users should reference CVE-2013-3969 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4141 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4125. Reason: This candidate is a reservation duplicate of CVE-2013-4125. Notes: All CVE users should reference CVE-2013-4125 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 n/a
CVE-2013-4133 kde-workspace before 4.10.5 has a memory leak in plasma desktop HIGH Dec 10, 2019 n/a
CVE-2013-4126 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none -- Nov 7, 2023 n/a
CVE-2013-4121 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was a site-specific issue. Notes: none -- Nov 7, 2023 n/a
CVE-2013-4120 Katello has a Denial of Service vulnerability in API OAuth authentication MEDIUM Dec 10, 2019 n/a
CVE-2013-4110 Cryptocat has an Unspecified Chat Participant User List Disclosure MEDIUM Nov 5, 2019 n/a
CVE-2013-4109 An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. MEDIUM Nov 14, 2019 n/a
CVE-2013-4108 Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors. HIGH Nov 14, 2019 n/a
CVE-2013-4107 Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting MEDIUM Nov 5, 2019 n/a
CVE-2013-4106 A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. MEDIUM Nov 14, 2019 n/a
CVE-2013-4105 Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure MEDIUM Nov 5, 2019 n/a
CVE-2013-4104 Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol MEDIUM Nov 6, 2019 n/a
CVE-2013-4103 Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input HIGH Nov 6, 2019 n/a
CVE-2013-4102 Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness MEDIUM Nov 5, 2019 n/a
CVE-2013-4101 Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness MEDIUM Nov 8, 2019 n/a
CVE-2013-4100 Cryptocat before 2.0.22 has Remote Denial of Service via username MEDIUM Nov 5, 2019 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online