Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-01-24 | CVE-2014-1447 | Race Condition vulnerability in Redhat Libvirt | Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. | 3.3 |
2014-01-24 | CVE-2013-2192 | Improper Authentication vulnerability in Apache Hadoop | The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. | 3.2 |
2014-01-24 | CVE-2013-1853 | Cryptographic Issues vulnerability in Almanah Project Almanah 0.10.0/0.9.0 | Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. | 2.1 |
2014-01-23 | CVE-2013-7048 | Permissions, Privileges, and Access Controls vulnerability in Openstack Nova | OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. | 3.3 |
2014-01-23 | CVE-2013-5371 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager 6.3.1/6.4.0 | The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | 2.1 |
2014-01-23 | CVE-2014-0979 | Local Denial of Service vulnerability in LightDM GTK+ Greeter | The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username. | 2.1 |
2014-01-21 | CVE-2013-1923 | Information Exposure vulnerability in Linux-Nfs Nfs-Utils | rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. | 3.2 |
2014-01-21 | CVE-2013-0157 | Information Exposure vulnerability in Kernel Util-Linux 2.14.1/2.17.2 | (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. | 2.1 |
2014-01-21 | CVE-2013-5429 | Improper Authentication vulnerability in IBM Tivoli Federated Identity Manager | The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. | 2.1 |
2014-01-21 | CVE-2010-5297 | Permissions, Privileges, and Access Controls vulnerability in Wordpress | WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change. | 2.1 |