Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-20
Total 9170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4549 2 Digia, Qt 2 Qt, Qt 2023-02-12 5.0 MEDIUM N/A
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
CVE-2013-4544 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2023-02-12 4.9 MEDIUM N/A
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
CVE-2013-4254 1 Linux 1 Linux Kernel 2023-02-12 6.9 MEDIUM N/A
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
CVE-2013-4180 2 Redhat, Theforeman 2 Openstack, Foreman 2023-02-12 5.0 MEDIUM N/A
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-4270 1 Linux 1 Linux Kernel 2023-02-12 3.6 LOW N/A
The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.
CVE-2013-4129 1 Linux 1 Linux Kernel 2023-02-12 4.7 MEDIUM N/A
The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c.
CVE-2013-2232 1 Linux 1 Linux Kernel 2023-02-12 4.9 MEDIUM N/A
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
CVE-2013-2230 1 Redhat 1 Libvirt 2023-02-12 4.0 MEDIUM N/A
The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."
CVE-2013-4111 2 Openstack, Opensuse 2 Python Glanceclient, Opensuse 2023-02-12 5.8 MEDIUM N/A
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-1943 3 Canonical, Linux, Redhat 4 Ubuntu Linux, Linux Kernel, Enterprise Linux and 1 more 2023-02-12 4.4 MEDIUM 7.8 HIGH
The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
CVE-2013-2140 1 Linux 1 Linux Kernel 2023-02-12 3.8 LOW N/A
The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.
CVE-2013-0290 1 Linux 1 Linux Kernel 2023-02-12 4.9 MEDIUM N/A
The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application.
CVE-2013-1892 2 Mongodb, Redhat 2 Mongodb, Enterprise Mrg 2023-02-12 6.0 MEDIUM N/A
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
CVE-2013-1854 2 Redhat, Rubyonrails 3 Enterprise Linux, Rails, Ruby On Rails 2023-02-12 5.0 MEDIUM N/A
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
CVE-2013-1828 1 Linux 1 Linux Kernel 2023-02-12 6.9 MEDIUM N/A
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
CVE-2013-1798 1 Linux 1 Linux Kernel 2023-02-12 6.2 MEDIUM N/A
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
CVE-2013-1848 1 Linux 1 Linux Kernel 2023-02-12 6.2 MEDIUM N/A
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.
CVE-2013-1819 1 Linux 1 Linux Kernel 2023-02-12 4.6 MEDIUM N/A
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.
CVE-2013-1763 1 Linux 1 Linux Kernel 2023-02-12 7.2 HIGH N/A
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
CVE-2013-0221 2 Opensuse, Redhat 2 Opensuse, Enterprise Linux 2023-02-12 4.3 MEDIUM N/A
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.