Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4513 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | N/A |
| Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation. | |||||
| CVE-2013-4527 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
| Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. | |||||
| CVE-2013-4541 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
| The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. | |||||
| CVE-2013-4539 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. | |||||
| CVE-2013-4540 | 2 Opensuse, Qemu | 2 Opensuse, Qemu | 2023-02-12 | 7.5 HIGH | N/A |
| Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. | |||||
| CVE-2013-4531 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
| Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. | |||||
| CVE-2013-4538 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. | |||||
| CVE-2013-4297 | 1 Redhat | 1 Libvirt | 2023-02-12 | 4.0 MEDIUM | N/A |
| The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. | |||||
| CVE-2013-4408 | 1 Samba | 1 Samba | 2023-02-12 | 8.3 HIGH | N/A |
| Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. | |||||
| CVE-2013-4312 | 2 Linux, Oracle | 2 Linux Kernel, Linux | 2023-02-12 | 4.9 MEDIUM | 6.2 MEDIUM |
| The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. | |||||
| CVE-2013-4387 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.1 MEDIUM | N/A |
| net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. | |||||
| CVE-2013-4458 | 2 Gnu, Suse | 3 Glibc, Linux Enterprise Debuginfo, Linux Enterprise Server | 2023-02-12 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. | |||||
| CVE-2013-4239 | 1 Redhat | 1 Libvirt | 2023-02-12 | 4.0 MEDIUM | N/A |
| The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. | |||||
| CVE-2013-4231 | 1 Libtiff | 1 Libtiff | 2023-02-12 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. | |||||
| CVE-2013-4237 | 1 Gnu | 1 Glibc | 2023-02-12 | 6.8 MEDIUM | N/A |
| sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. | |||||
| CVE-2013-4179 | 1 Openstack | 2 Compute, Havana | 2023-02-12 | 4.3 MEDIUM | N/A |
| The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. | |||||
| CVE-2013-4244 | 1 Libtiff | 1 Libtiff | 2023-02-12 | 6.8 MEDIUM | N/A |
| The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. | |||||
| CVE-2013-4243 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-02-12 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. | |||||
| CVE-2013-4282 | 2 Redhat, Spice Project | 3 Enterprise Linux, Enterprise Virtualization, Spice | 2023-02-12 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket. | |||||
| CVE-2013-2237 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 2.1 LOW | N/A |
| The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. | |||||