CVE List 2013

Product
Score
Severity
Status
CVE
               
CVE Score Severity Package Description Published
CVE-2013-7458
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Low redis linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. August 10, 2016, 09:08 am
CVE-2013-7446
5.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. December 28, 2015, 05:12 am
CVE-2013-7445
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. October 15, 2015, 20:10 pm
CVE-2013-7443
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium sqlite Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. August 12, 2015, 09:08 am
CVE-2013-7441
7.8 MV Product/Version
affected:
CGE 7.0 In progress
CGE 5.1 In progress
High nbd The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export. May 29, 2015, 10:05 am
CVE-2013-7440
5.9 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal python The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. June 7, 2016, 13:06 pm
CVE-2013-7439
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious x11 libx11 Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. April 16, 2015, 09:04 am
CVE-2013-7424
5.1 MV Product/Version
affected:
CGE 4.0 Resolved
Medium glibc The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. August 26, 2015, 14:08 pm
CVE-2013-7423
5.0 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
Medium glibc The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. February 24, 2015, 09:02 am
CVE-2013-7422
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
Serious perl Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. August 16, 2015, 18:08 pm
CVE-2013-7421
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
Low kernel The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. March 2, 2015, 05:03 am
CVE-2013-7393
2.4 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low subversion The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). July 28, 2014, 14:07 pm
CVE-2013-7354
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal libpng Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. May 6, 2014, 09:05 am
CVE-2013-7353
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libpng Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. May 6, 2014, 09:05 am
CVE-2013-7348
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function. April 1, 2014, 01:04 am
CVE-2013-7345
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium file The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. March 24, 2014, 11:03 am
CVE-2013-7339
4.7 MV Product/Version
affected:
MVL6 Kernel 2.6.30 Resolved
Professional PRO 5.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium kernel The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. March 24, 2014, 11:03 am
CVE-2013-7338
7.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
Serious python Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. April 22, 2014, 09:04 am
CVE-2013-7336
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
Low libvirt The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. May 7, 2014, 05:05 am
CVE-2013-7328
5.8 MV Product/Version
affected:
Normal php Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226. February 18, 2014, 05:02 am
CVE-2013-7327
6.8 MV Product/Version
affected:
Normal php The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. February 18, 2014, 05:02 am
CVE-2013-7281
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 8, 2014, 10:01 am
CVE-2013-7271
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7270
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
Medium kernel The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7269
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGE 7.0 Resolved
Medium kernel The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7268
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGE 7.0 Resolved
Medium kernel The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7267
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.28 Resolved
CGE 7.0 Resolved
Medium kernel The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7266
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.28 Resolved
Medium kernel The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7265
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7264
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. January 6, 2014, 10:01 am
CVE-2013-7263
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGE 7.0 Resolved
Medium kernel The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. January 6, 2014, 10:01 am
CVE-2013-7226
6.8 MV Product/Version
affected:
Normal php Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow. February 18, 2014, 05:02 am
CVE-2013-7114
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet. December 19, 2013, 16:12 pm
CVE-2013-7113
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. December 19, 2013, 16:12 pm
CVE-2013-7112
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. December 19, 2013, 16:12 pm
CVE-2013-7040
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium python Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. May 19, 2014, 09:05 am
CVE-2013-7027
6.1 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. December 9, 2013, 12:12 pm
CVE-2013-7026
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls. December 9, 2013, 12:12 pm
CVE-2013-6954
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libpng The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. January 12, 2014, 12:01 pm
CVE-2013-6891
1.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low cups lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. January 25, 2014, 19:01 pm
CVE-2013-6885
4.7 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
Medium kernel The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. November 28, 2013, 22:11 pm
CVE-2013-6763
6.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGE 7.0 Resolved
Medium kernel The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511. November 12, 2013, 08:11 am
CVE-2013-6712
5.0 MV Product/Version
affected:
Normal php The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. November 27, 2013, 22:11 pm
CVE-2013-6501
4.6 MV Product/Version
affected:
Normal php The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. March 30, 2015, 05:03 am
CVE-2013-6462
9.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Critical libxfont Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. January 9, 2014, 12:01 pm
CVE-2013-6458
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium libvirt Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. January 24, 2014, 12:01 pm
CVE-2013-6457
5.2 MV Product/Version
affected:
CGE 7.0 Resolved
Medium libvirt The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. January 24, 2014, 12:01 pm
CVE-2013-6456
5.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libvirt The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc/$PID/root and the virInitctlSetRunLevel function. April 15, 2014, 18:04 pm
CVE-2013-6450
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium openssl The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. January 1, 2014, 10:01 am
CVE-2013-6449
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium openssl The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. December 23, 2013, 16:12 pm
CVE-2013-6442
5.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal samba The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. March 14, 2014, 05:03 am
CVE-2013-6441
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious lxc The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. February 14, 2014, 09:02 am
CVE-2013-6438
5.0 MV Product/Version
affected:
Normal apache2 The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. March 18, 2014, 00:03 am
CVE-2013-6436
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low libvirt The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the virsh memtune command. January 7, 2014, 13:01 pm
CVE-2013-6435
7.6 MV Product/Version
affected:
CGE 4.0 Resolved
High rpm Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. December 16, 2014, 12:12 pm
CVE-2013-6432
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application. December 9, 2013, 12:12 pm
CVE-2013-6431
4.7 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call. December 9, 2013, 12:12 pm
CVE-2013-6425
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal pixman cairo Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. January 18, 2014, 13:01 pm
CVE-2013-6422
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal libcurl The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. December 23, 2013, 16:12 pm
CVE-2013-6420
7.5 MV Product/Version
affected:
Serious php The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. December 16, 2013, 22:12 pm
CVE-2013-6412
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal augeas The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a 7, which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. January 22, 2014, 18:01 pm
CVE-2013-6410
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious nbd nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. December 7, 2013, 14:12 pm
CVE-2013-6399
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. November 4, 2014, 15:11 pm
CVE-2013-6393
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium libyaml The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. February 6, 2014, 16:02 pm
CVE-2013-6383
6.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 In progress
CGE 5.1 Resolved
CGE 7.0 Resolved
Medium kernel The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. November 26, 2013, 22:11 pm
CVE-2013-6382
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. November 26, 2013, 22:11 pm
CVE-2013-6381
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. November 26, 2013, 22:11 pm
CVE-2013-6380
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. November 26, 2013, 22:11 pm
CVE-2013-6379
0 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4513. Reason: This candidate is a duplicate of CVE-2013-4513. Notes: All CVE users should reference CVE-2013-4513 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. November 25, 2013, 09:11 am
CVE-2013-6378
4.4 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
CGE 7.0 Resolved
Medium kernel The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. November 26, 2013, 22:11 pm
CVE-2013-6376
5.2 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. December 14, 2013, 12:12 pm
CVE-2013-6371
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal json-c The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. April 22, 2014, 08:04 am
CVE-2013-6370
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal json-c Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. April 22, 2014, 08:04 am
CVE-2013-6368
6.2 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium kernel The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. December 14, 2013, 12:12 pm
CVE-2013-6367
5.7 MV Product/Version
affected:
CGE 6.0 Resolved
MVL6 Kernel 2.6.28 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium kernel The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. December 14, 2013, 12:12 pm
CVE-2013-6340
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. November 4, 2013, 10:11 am
CVE-2013-6339
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet. November 4, 2013, 10:11 am
CVE-2013-6338
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. November 4, 2013, 10:11 am
CVE-2013-6337
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. November 4, 2013, 10:11 am
CVE-2013-6336
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. November 4, 2013, 10:11 am
CVE-2013-6335
2.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Low kernel The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. August 26, 2014, 05:08 am
CVE-2013-6282
7.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
High kernel The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. November 20, 2013, 07:11 am
CVE-2013-6230
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium bind The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask. November 7, 2013, 22:11 pm
CVE-2013-6076
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal strongswan strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. November 2, 2013, 13:11 pm
CVE-2013-6075
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium strongswan The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an insufficient length check during identity comparison. November 2, 2013, 13:11 pm
CVE-2013-6051
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal quagga The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. December 14, 2013, 11:12 am
CVE-2013-5908
2.6 MV Product/Version
affected:
Low mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. January 15, 2014, 10:01 am
CVE-2013-5894
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. January 15, 2014, 10:01 am
CVE-2013-5891
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. January 15, 2014, 10:01 am
CVE-2013-5882
6.8 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures. January 15, 2014, 10:01 am
CVE-2013-5881
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431. January 15, 2014, 10:01 am
CVE-2013-5860
6.8 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. January 15, 2014, 10:01 am
CVE-2013-5807
4.9 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication. October 16, 2013, 12:10 pm
CVE-2013-5793
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786. October 16, 2013, 12:10 pm
CVE-2013-5786
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5793. October 16, 2013, 10:10 am
CVE-2013-5770
2.1 MV Product/Version
affected:
Low mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. October 16, 2013, 10:10 am
CVE-2013-5767
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. October 16, 2013, 10:10 am
CVE-2013-5722
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. September 16, 2013, 08:09 am
CVE-2013-5721
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. September 16, 2013, 08:09 am
CVE-2013-5720
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. September 16, 2013, 08:09 am
CVE-2013-5719
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. September 16, 2013, 08:09 am
CVE-2013-5718
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. September 16, 2013, 08:09 am
CVE-2013-5717
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c. September 16, 2013, 08:09 am
CVE-2013-5651
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal libvirt The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. September 30, 2013, 16:09 pm
CVE-2013-5634
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call. September 25, 2013, 05:09 am
CVE-2013-5607
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High firefox Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. November 20, 2013, 08:11 am
CVE-2013-5606
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium nss The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. November 17, 2013, 23:11 pm
CVE-2013-5228
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. December 18, 2013, 10:12 am
CVE-2013-5225
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. December 18, 2013, 10:12 am
CVE-2013-5211
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Professional PRO 5.0.24 Resolved
Medium ntp The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. January 2, 2014, 08:01 am
CVE-2013-5199
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. December 18, 2013, 10:12 am
CVE-2013-5198
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. December 18, 2013, 10:12 am
CVE-2013-5197
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. December 18, 2013, 10:12 am
CVE-2013-5196
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. December 18, 2013, 10:12 am
CVE-2013-5195
6.8 MV Product/Version
affected:
CGX 1.8 Resolved
Normal webkit WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. December 18, 2013, 10:12 am
CVE-2013-5029
4.3 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. August 19, 2013, 18:08 pm
CVE-2013-5018
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium strongswan The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow. August 28, 2013, 18:08 pm
CVE-2013-5003
6.5 MV Product/Version
affected:
Normal phpmyadmin Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php. July 31, 2013, 08:07 am
CVE-2013-5002
3.5 MV Product/Version
affected:
Low phpmyadmin Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php. July 31, 2013, 08:07 am
CVE-2013-5001
3.5 MV Product/Version
affected:
Low phpmyadmin Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. July 31, 2013, 08:07 am
CVE-2013-5000
5.0 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files. July 31, 2013, 08:07 am
CVE-2013-4999
5.0 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. July 31, 2013, 08:07 am
CVE-2013-4998
5.0 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files. July 31, 2013, 08:07 am
CVE-2013-4997
4.3 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value. July 31, 2013, 08:07 am
CVE-2013-4996
4.3 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file. July 31, 2013, 08:07 am
CVE-2013-4995
3.5 MV Product/Version
affected:
Low phpmyadmin Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information. July 31, 2013, 08:07 am
CVE-2013-4936
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PROFINET Real-Time dissector in Wireshark 1.10.x before 1.10.1 does not validate MAC addresses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4935
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4934
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. July 29, 2013, 19:07 pm
CVE-2013-4933
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet-trace file. July 29, 2013, 19:07 pm
CVE-2013-4932
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Multiple array index errors in epan/dissectors/packet-gsm_a_common.c in the GSM A Common dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allow remote attackers to cause a denial of service (application crash) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4931
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop) via a crafted packet that is not properly handled by the GSM RR dissector. July 29, 2013, 19:07 pm
CVE-2013-4930
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4929
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious wireshark The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service (loop) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4928
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4927
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark Integer signedness error in the get_type_length function in epan/dissectors/packet-btsdp.c in the Bluetooth SDP dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4926
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4925
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4924
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4923
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. July 29, 2013, 19:07 pm
CVE-2013-4922
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4921
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4920
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. July 29, 2013, 19:07 pm
CVE-2013-4885
6.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal nmap The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. October 26, 2013, 12:10 pm
CVE-2013-4854
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High bind The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. July 29, 2013, 08:07 am
CVE-2013-4788
5.1 MV Product/Version
affected:
CGE 7.0 Resolved
Medium eglibc The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. October 4, 2013, 12:10 pm
CVE-2013-4729
5.5 MV Product/Version
affected:
Normal phpmyadmin import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. July 4, 2013, 09:07 am
CVE-2013-4636
4.3 MV Product/Version
affected:
Normal php The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. June 21, 2013, 16:06 pm
CVE-2013-4635
5.0 MV Product/Version
affected:
Normal php Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. June 21, 2013, 16:06 pm
CVE-2013-4598
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal gcc The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. May 27, 2014, 09:05 am
CVE-2013-4592
4.0 MV Product/Version
affected:
MVL6 Kernel 2.6.27 In progress
Medium kernel Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. November 20, 2013, 07:11 am
CVE-2013-4591
6.2 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. November 20, 2013, 07:11 am
CVE-2013-4588
6.6 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. November 20, 2013, 07:11 am
CVE-2013-4587
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
High kernel Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. December 14, 2013, 12:12 pm
CVE-2013-4579
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 In progress
Medium kernel The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. November 20, 2013, 07:11 am
CVE-2013-4577
2.1 MV Product/Version
affected:
Low grub A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. May 12, 2014, 09:05 am
CVE-2013-4576
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low gnupg GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. December 20, 2013, 15:12 pm
CVE-2013-4563
7.1 MV Product/Version
affected:
CGE 7.0 Resolved
High kernel The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. November 20, 2013, 07:11 am
CVE-2013-4560
2.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low lighttpd Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. November 20, 2013, 08:11 am
CVE-2013-4559
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious lighttpd lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. November 20, 2013, 08:11 am
CVE-2013-4558
3.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low subversion The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. December 7, 2013, 14:12 pm
CVE-2013-4549
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal qt QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. December 23, 2013, 16:12 pm
CVE-2013-4548
6.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 5.1 Resolved
Medium openssh The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. November 8, 2013, 09:11 am
CVE-2013-4547
7.5 MV Product/Version
affected:
Serious nginx nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. November 23, 2013, 12:11 pm
CVE-2013-4545
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium curl cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. November 23, 2013, 05:11 am
CVE-2013-4544
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium qemu hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information. May 8, 2014, 09:05 am
CVE-2013-4542
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds array access. November 4, 2014, 15:11 pm
CVE-2013-4541
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value. November 4, 2014, 15:11 pm
CVE-2013-4540
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4539
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision, (3) function, or (4) nextfunction value in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4538
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted (1) cmd_len, (2) row, or (3) col values; (4) row_start and row_end values; or (5) col_star and col_end values in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4537
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4534
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements. November 4, 2014, 15:11 pm
CVE-2013-4533
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4531
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4530
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4529
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image. November 4, 2014, 15:11 pm
CVE-2013-4527
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers. November 4, 2014, 15:11 pm
CVE-2013-4526
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports. November 4, 2014, 15:11 pm
CVE-2013-4520
4.3 MV Product/Version
affected:
Medium libxslt xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. December 14, 2013, 14:12 pm
CVE-2013-4516
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. November 12, 2013, 08:11 am
CVE-2013-4515
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. November 12, 2013, 08:11 am
CVE-2013-4514
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. November 12, 2013, 08:11 am
CVE-2013-4513
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation. November 12, 2013, 08:11 am
CVE-2013-4512
4.7 MV Product/Version
affected:
CGE 5.1 Resolved
CGE 7.0 Resolved
Medium kernel Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation. November 12, 2013, 08:11 am
CVE-2013-4511
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. November 12, 2013, 08:11 am
CVE-2013-4508
5.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal lighttpd lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. November 7, 2013, 22:11 pm
CVE-2013-4505
2.6 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low subversion The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. December 7, 2013, 14:12 pm
CVE-2013-4496
5.0 MV Product/Version
affected:
Medium samba Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. March 14, 2014, 05:03 am
CVE-2013-4487
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal gnutls Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. November 20, 2013, 08:11 am
CVE-2013-4483
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. November 4, 2013, 09:11 am
CVE-2013-4476
1.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Low samba Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. November 13, 2013, 09:11 am
CVE-2013-4475
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal samba Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). November 13, 2013, 09:11 am
CVE-2013-4470
6.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. November 4, 2013, 09:11 am
CVE-2013-4466
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal gnutls Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. November 20, 2013, 08:11 am
CVE-2013-4458
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 6.0 Resolved
Medium glibc Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. December 12, 2013, 12:12 pm
CVE-2013-4450
5.0 MV Product/Version
affected:
Normal nodejs The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. October 21, 2013, 12:10 pm
CVE-2013-4449
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal openldap The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. February 5, 2014, 12:02 pm
CVE-2013-4408
8.3 MV Product/Version
affected:
High samba Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet. December 10, 2013, 00:12 am
CVE-2013-4402
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal gnupg The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message. October 28, 2013, 17:10 pm
CVE-2013-4401
8.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
High libvirt The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. November 2, 2013, 13:11 pm
CVE-2013-4400
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious libvirt virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. December 9, 2013, 10:12 am
CVE-2013-4399
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal libvirt The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. December 12, 2014, 09:12 am
CVE-2013-4394
5.9 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
Normal systemd The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving special and control characters. October 28, 2013, 17:10 pm
CVE-2013-4393
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Low systemd journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. October 28, 2013, 17:10 pm
CVE-2013-4392
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Low systemd systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. October 28, 2013, 17:10 pm
CVE-2013-4391
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious systemd Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow. October 28, 2013, 17:10 pm
CVE-2013-4387
6.1 MV Product/Version
affected:
Professional PRO 5.0 Resolved
CGE 6.0 Resolved
Professional PRO 5.0.24 Resolved
CGE 7.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. October 10, 2013, 05:10 am
CVE-2013-4377
2.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low qemu Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by hot-unplugging a virtio device. October 11, 2013, 17:10 pm
CVE-2013-4375
2.7 MV Product/Version
affected:
CGE 7.0 Resolved
Low qemu The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors. January 19, 2014, 12:01 pm
CVE-2013-4363
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal ruby Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287. October 17, 2013, 18:10 pm
CVE-2013-4359
5.0 MV Product/Version
affected:
CGE 5.1 Resolved
CGE 7.0 Resolved
Medium proftpd Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. September 30, 2013, 16:09 pm
CVE-2013-4358
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium ffmpeg libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. December 24, 2013, 13:12 pm
CVE-2013-4353
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium openssl The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. January 8, 2014, 19:01 pm
CVE-2013-4351
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium gnupg GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey. October 9, 2013, 19:10 pm
CVE-2013-4350
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. September 25, 2013, 05:09 am
CVE-2013-4348
7.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
High kernel The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. November 4, 2013, 09:11 am
CVE-2013-4345
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium enterprise_mrg Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. October 10, 2013, 05:10 am
CVE-2013-4344
6.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
Normal qemu Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a REPORT LUNS command. October 4, 2013, 12:10 pm
CVE-2013-4343
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. September 25, 2013, 05:09 am
CVE-2013-4342
7.6 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
CGE 5.1 Resolved
High xinetd xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. October 9, 2013, 19:10 pm
CVE-2013-4332
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium glibc Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. October 9, 2013, 17:10 pm
CVE-2013-4327
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
Normal systemd systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. October 3, 2013, 16:10 pm
CVE-2013-4312
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
CGX 2.0 Resolved
kernel The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. February 7, 2016, 21:02 pm
CVE-2013-4311
4.6 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libvirt libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. October 3, 2013, 16:10 pm
CVE-2013-4300
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
High kernel The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. September 25, 2013, 05:09 am
CVE-2013-4299
6.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. October 24, 2013, 05:10 am
CVE-2013-4297
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal libvirt The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors. September 30, 2013, 16:09 pm
CVE-2013-4296
4.0 MV Product/Version
affected:
Medium libvirt The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. September 30, 2013, 16:09 pm
CVE-2013-4292
2.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low libvirt libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c. September 30, 2013, 16:09 pm
CVE-2013-4291
6.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libvirt The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges. September 30, 2013, 16:09 pm
CVE-2013-4288
7.2 MV Product/Version
affected:
Serious polkit Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck. October 3, 2013, 16:10 pm
CVE-2013-4287
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal ruby Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. October 17, 2013, 18:10 pm
CVE-2013-4277
3.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low subversion Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. September 16, 2013, 14:09 pm
CVE-2013-4270
3.6 MV Product/Version
affected:
CGE 7.0 Resolved
Low kernel The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application. December 9, 2013, 12:12 pm
CVE-2013-4262
2.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low subversion svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. July 28, 2014, 14:07 pm
CVE-2013-4254
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal kernel The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event. August 24, 2013, 22:08 pm
CVE-2013-4248
4.3 MV Product/Version
affected:
Normal php The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. August 17, 2013, 21:08 pm
CVE-2013-4247
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel Off-by-one error in the build_unc_path_to_root function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service (memory corruption and system crash) via a DFS share mount operation that triggers use of an unexpected DFS referral name length. August 24, 2013, 22:08 pm
CVE-2013-4246
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious subversion libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. October 30, 2017, 09:10 am
CVE-2013-4244
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium tiff The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image. September 28, 2013, 14:09 pm
CVE-2013-4243
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium tiff Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. September 10, 2013, 14:09 pm
CVE-2013-4242
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
Low gnupg GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. August 19, 2013, 18:08 pm
CVE-2013-4239
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libvirt The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function. September 30, 2013, 16:09 pm
CVE-2013-4238
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium python The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. August 17, 2013, 21:08 pm
CVE-2013-4237
6.8 MV Product/Version
affected:
Medium glibc sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. October 9, 2013, 17:10 pm
CVE-2013-4232
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium tiff Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. September 10, 2013, 14:09 pm
CVE-2013-4231
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Medium tiff Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. January 19, 2014, 11:01 am
CVE-2013-4220
4.9 MV Product/Version
affected:
Medium kernel The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel before 3.9.5 on the ARM64 platform allows local users to cause a denial of service (system crash) via vectors involving an attempted register access that triggers an unexpected value in the Exception Syndrome Register (ESR). August 24, 2013, 22:08 pm
CVE-2013-4205
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call. August 24, 2013, 22:08 pm
CVE-2013-4164
6.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal ruby Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. November 23, 2013, 13:11 pm
CVE-2013-4163
4.7 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
Medium kernel The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. July 29, 2013, 08:07 am
CVE-2013-4162
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. July 29, 2013, 08:07 am
CVE-2013-4159
7.5 MV Product/Version
affected:
Serious ctdb ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to several temp file vulnerabilities in (1) tcp/tcp_connect.c, (2) server/eventscript.c, (3) tools/ctdb_diagnostics, (4) config/gdb_backtrace, and (5) include/ctdb_private.h. August 6, 2014, 13:08 pm
CVE-2013-4154
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal libvirt The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to agent based cpu (un)plug, as demonstrated by the virsh vcpucount foobar --guest command. September 30, 2013, 16:09 pm
CVE-2013-4153
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libvirt Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the virsh vcpucount dom --guest command. September 30, 2013, 16:09 pm
CVE-2013-4151
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. November 4, 2014, 15:11 pm
CVE-2013-4150
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in which the value of curr_queues is greater than max_queues, which triggers an out-of-bounds write. November 4, 2014, 15:11 pm
CVE-2013-4149
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table. November 4, 2014, 15:11 pm
CVE-2013-4148
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High qemu Integer signedness error in the virtio_net_load function in hw/net/virtio-net.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers a buffer overflow. November 4, 2014, 15:11 pm
CVE-2013-4131
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal subversion The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. July 31, 2013, 08:07 am
CVE-2013-4129
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual machine, related to net/bridge/br_mdb.c and net/bridge/br_multicast.c. July 29, 2013, 08:07 am
CVE-2013-4127
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine. July 29, 2013, 08:07 am
CVE-2013-4125
5.4 MV Product/Version
affected:
Medium kernel The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages. July 15, 2013, 15:07 pm
CVE-2013-4124
5.0 MV Product/Version
affected:
Medium samba Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. August 5, 2013, 21:08 pm
CVE-2013-4123
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium squid client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. September 16, 2013, 14:09 pm
CVE-2013-4122
4.3 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 In progress
Normal cyrus-sasl Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. October 26, 2013, 19:10 pm
CVE-2013-4115
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High squid Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. August 9, 2013, 17:08 pm
CVE-2013-4113
6.8 MV Product/Version
affected:
Medium php ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. July 13, 2013, 08:07 am
CVE-2013-4083
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4082
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4081
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4080
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors/packet-assa_r3.c in the Assa Abloy R3 dissector in Wireshark 1.8.x before 1.8.8 does not properly handle a zero-length item, which allows remote attackers to cause a denial of service (infinite loop, and CPU and memory consumption) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4079
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite loop and application hang) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4078
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4077
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. June 9, 2013, 16:06 pm
CVE-2013-4076
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4075
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4074
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. June 9, 2013, 16:06 pm
CVE-2013-4073
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium ruby The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. August 17, 2013, 21:08 pm
CVE-2013-3919
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High bind resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone. June 6, 2013, 08:06 am
CVE-2013-3839
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. October 16, 2013, 10:10 am
CVE-2013-3812
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. July 17, 2013, 08:07 am
CVE-2013-3811
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806. July 17, 2013, 08:07 am
CVE-2013-3810
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions. July 17, 2013, 08:07 am
CVE-2013-3809
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. July 17, 2013, 08:07 am
CVE-2013-3808
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. July 17, 2013, 08:07 am
CVE-2013-3807
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges. July 17, 2013, 08:07 am
CVE-2013-3806
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811. July 17, 2013, 08:07 am
CVE-2013-3805
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. July 17, 2013, 08:07 am
CVE-2013-3804
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. July 17, 2013, 08:07 am
CVE-2013-3802
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. July 17, 2013, 08:07 am
CVE-2013-3801
5.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. July 17, 2013, 08:07 am
CVE-2013-3798
5.8 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached. July 17, 2013, 08:07 am
CVE-2013-3796
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. July 17, 2013, 08:07 am
CVE-2013-3795
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. July 17, 2013, 08:07 am
CVE-2013-3794
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition. July 17, 2013, 08:07 am
CVE-2013-3793
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. July 17, 2013, 08:07 am
CVE-2013-3783
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. July 17, 2013, 08:07 am
CVE-2013-3742
3.5 MV Product/Version
affected:
Low phpmyadmin Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. July 4, 2013, 09:07 am
CVE-2013-3735
5.0 MV Product/Version
affected:
Normal php ** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted function definition, as demonstrated by an attack within a shared web-hosting environment. NOTE: the vendors http://php.net/security-note.php page says for critical security situations you should be using OS-level security by running multiple web servers each as their own user id. May 31, 2013, 16:05 pm
CVE-2013-3674
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Medium ffmpeg The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. June 9, 2013, 22:06 pm
CVE-2013-3571
2.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Low socat socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. May 8, 2014, 09:05 am
CVE-2013-3562
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet. May 24, 2013, 22:05 pm
CVE-2013-3561
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector. May 24, 2013, 22:05 pm
CVE-2013-3560
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. May 24, 2013, 22:05 pm
CVE-2013-3559
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. May 24, 2013, 22:05 pm
CVE-2013-3558
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. May 24, 2013, 22:05 pm
CVE-2013-3557
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. May 24, 2013, 22:05 pm
CVE-2013-3556
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal wireshark The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. May 24, 2013, 22:05 pm
CVE-2013-3555
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. May 24, 2013, 22:05 pm
CVE-2013-3302
4.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event. April 29, 2013, 09:04 am
CVE-2013-3301
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. April 29, 2013, 09:04 am
CVE-2013-3241
4.0 MV Product/Version
affected:
Normal phpmyadmin export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request. April 25, 2013, 22:04 pm
CVE-2013-3240
6.5 MV Product/Version
affected:
Normal phpmyadmin Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. April 25, 2013, 22:04 pm
CVE-2013-3239
4.6 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename. April 25, 2013, 22:04 pm
CVE-2013-3238
6.0 MV Product/Version
affected:
Normal phpmyadmin phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /ex00 sequence, which is not properly handled before making a preg_replace function call within the Replace table prefix feature. April 25, 2013, 22:04 pm
CVE-2013-3237
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3236
4.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3235
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
MVL6 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3234
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3233
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3232
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3231
4.7 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3230
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3229
4.9 MV Product/Version
affected:
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.24 Resolved
Medium kernel The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3228
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3227
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3226
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3225
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3224
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3223
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3222
4.9 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
Medium kernel The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. April 22, 2013, 06:04 am
CVE-2013-3076
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. April 22, 2013, 06:04 am
CVE-2013-2944
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Medium strongswan strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature. May 2, 2013, 09:05 am
CVE-2013-2930
3.6 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Low kernel The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. December 9, 2013, 12:12 pm
CVE-2013-2929
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Low kernel The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. December 9, 2013, 12:12 pm
CVE-2013-2924
7.5 MV Product/Version
affected:
High chrome Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. October 2, 2013, 05:10 am
CVE-2013-2899
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2898
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
Low kernel drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2897
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2896
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2895
5.4 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2894
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2893
4.7 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
CGE 7.0 Resolved
Medium kernel The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. September 16, 2013, 08:09 am
CVE-2013-2892
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium kernel drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2891
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2890
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
Medium kernel drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2889
4.7 MV Product/Version
affected:
Professional PRO 5.0 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. September 16, 2013, 08:09 am
CVE-2013-2888
6.2 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium kernel Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. September 16, 2013, 08:09 am
CVE-2013-2877
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium chrome parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. July 10, 2013, 05:07 am
CVE-2013-2852
6.9 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium kernel Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. June 7, 2013, 09:06 am
CVE-2013-2851
6.0 MV Product/Version
affected:
Professional PRO 5.0 Resolved
CGE 7.0 Resolved
Professional PRO 5.0 Resolved
CGE 6.0 Resolved
Medium kernel Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. June 7, 2013, 09:06 am
CVE-2013-2850
7.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. June 7, 2013, 09:06 am
CVE-2013-2777
4.4 MV Product/Version
affected:
CGE 6.0 Resolved
Medium sudo sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. April 8, 2013, 12:04 pm
CVE-2013-2776
4.4 MV Product/Version
affected:
CGE 6.0 Resolved
Medium sudo sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. April 8, 2013, 12:04 pm
CVE-2013-2636
1.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low kernel net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. March 22, 2013, 06:03 am
CVE-2013-2635
1.9 MV Product/Version
affected:
Low kernel The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. March 22, 2013, 06:03 am
CVE-2013-2634
1.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low kernel net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. March 22, 2013, 06:03 am
CVE-2013-2617
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious curl lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. March 20, 2013, 17:03 pm
CVE-2013-2596
6.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. April 12, 2013, 21:04 pm
CVE-2013-2566
4.3 MV Product/Version
affected:
openssl The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. March 15, 2013, 16:03 pm
CVE-2013-2548
2.1 MV Product/Version
affected:
Low enterprise_mrg The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. March 15, 2013, 15:03 pm
CVE-2013-2547
2.1 MV Product/Version
affected:
Low enterprise_mrg The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. March 15, 2013, 15:03 pm
CVE-2013-2546
2.1 MV Product/Version
affected:
Low enterprise_mrg The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. March 15, 2013, 15:03 pm
CVE-2013-2494
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal dhcp libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266. March 28, 2013, 11:03 am
CVE-2013-2488
5.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location. March 7, 2013, 09:03 am
CVE-2013-2487
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486. March 7, 2013, 09:03 am
CVE-2013-2486
6.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet. March 7, 2013, 09:03 am
CVE-2013-2485
6.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. March 7, 2013, 09:03 am
CVE-2013-2484
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. March 7, 2013, 09:03 am
CVE-2013-2483
3.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low wireshark The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data. March 7, 2013, 09:03 am
CVE-2013-2482
6.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. March 7, 2013, 09:03 am
CVE-2013-2481
2.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. March 7, 2013, 09:03 am
CVE-2013-2480
3.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. March 7, 2013, 09:03 am
CVE-2013-2479
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Low wireshark The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data. March 7, 2013, 09:03 am
CVE-2013-2478
3.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded characters in a string. March 7, 2013, 09:03 am
CVE-2013-2477
3.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low wireshark The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. March 7, 2013, 09:03 am
CVE-2013-2476
6.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal wireshark The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short. March 7, 2013, 09:03 am
CVE-2013-2475
3.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. March 7, 2013, 09:03 am
CVE-2013-2461
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious openjdk Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm. June 18, 2013, 17:06 pm
CVE-2013-2395
6.8 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567. April 17, 2013, 12:04 pm
CVE-2013-2392
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. April 17, 2013, 12:04 pm
CVE-2013-2391
3.0 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install. April 17, 2013, 12:04 pm
CVE-2013-2389
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. April 17, 2013, 12:04 pm
CVE-2013-2381
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges. April 17, 2013, 12:04 pm
CVE-2013-2378
6.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. April 17, 2013, 12:04 pm
CVE-2013-2376
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. April 17, 2013, 12:04 pm
CVE-2013-2375
6.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. April 17, 2013, 12:04 pm
CVE-2013-2266
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High bind libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. March 28, 2013, 11:03 am
CVE-2013-2237
2.1 MV Product/Version
affected:
CGE 6.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Low kernel The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. July 4, 2013, 16:07 pm
CVE-2013-2236
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
Low quagga Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. October 23, 2013, 22:10 pm
CVE-2013-2234
2.1 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Low kernel The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. July 4, 2013, 16:07 pm
CVE-2013-2232
4.9 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
CGE 6.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. July 4, 2013, 16:07 pm
CVE-2013-2230
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal libvirt The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving multiple events registration. September 30, 2013, 16:09 pm
CVE-2013-2224
6.9 MV Product/Version
affected:
Medium kernel A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552. July 4, 2013, 16:07 pm
CVE-2013-2218
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libvirt Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the virsh iface-list --inactive command. September 30, 2013, 16:09 pm
CVE-2013-2207
2.6 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
Low glibc pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. October 9, 2013, 17:10 pm
CVE-2013-2206
5.4 MV Product/Version
affected:
CGE 6.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0.24 Resolved
Medium kernel The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. July 4, 2013, 16:07 pm
CVE-2013-2190
2.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low clutter The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has disappeared, which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. October 17, 2013, 18:10 pm
CVE-2013-2174
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium curl Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a % (percent) character. July 31, 2013, 08:07 am
CVE-2013-2168
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
Low d-bus The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. July 3, 2013, 13:07 pm
CVE-2013-2164
2.1 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
CGE 6.0 Resolved
MVL6 Kernel 2.6.29 Resolved
CGE 7.0 Resolved
Low enterprise_mrg The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. July 4, 2013, 16:07 pm
CVE-2013-2148
2.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low kernel The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. June 7, 2013, 09:06 am
CVE-2013-2147
2.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Low kernel The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. June 7, 2013, 09:06 am
CVE-2013-2146
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. June 7, 2013, 09:06 am
CVE-2013-2141
2.1 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
MVL6 Kernel 2.6.27 Resolved
Low kernel The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. June 7, 2013, 09:06 am
CVE-2013-2140
3.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low kernel The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature. September 25, 2013, 05:09 am
CVE-2013-2131
5.0 MV Product/Version
affected:
Normal rrdtool Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. January 4, 2015, 15:01 pm
CVE-2013-2130
4.0 MV Product/Version
affected:
Medium znc ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. June 5, 2014, 15:06 pm
CVE-2013-2128
4.9 MV Product/Version
affected:
Professional PRO 5.0 Resolved
CGE 6.0 Resolved
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. June 7, 2013, 09:06 am
CVE-2013-2116
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium gnutls The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. July 3, 2013, 13:07 pm
CVE-2013-2112
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious subversion The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. July 31, 2013, 08:07 am
CVE-2013-2110
5.0 MV Product/Version
affected:
Normal php Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. June 21, 2013, 15:06 pm
CVE-2013-2099
4.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal python Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. October 9, 2013, 09:10 am
CVE-2013-2094
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. May 14, 2013, 15:05 pm
CVE-2013-2088
7.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious subversion contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. July 31, 2013, 08:07 am
CVE-2013-2070
5.8 MV Product/Version
affected:
Normal nginx http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. July 19, 2013, 22:07 pm
CVE-2013-2066
6.8 MV Product/Version
affected:
Medium libxv Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function. June 15, 2013, 15:06 pm
CVE-2013-2065
6.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal ruby (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. November 2, 2013, 14:11 pm
CVE-2013-2064
6.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libxcb Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. June 15, 2013, 14:06 pm
CVE-2013-2063
6.8 MV Product/Version
affected:
Medium libxtst Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function. June 15, 2013, 14:06 pm
CVE-2013-2062
6.8 MV Product/Version
affected:
Medium libxp Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions. June 15, 2013, 14:06 pm
CVE-2013-2061
2.6 MV Product/Version
affected:
Low openvpn The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. November 17, 2013, 20:11 pm
CVE-2013-2058
4.7 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter. November 4, 2013, 09:11 am
CVE-2013-2054
5.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal strongswan Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054. July 9, 2013, 12:07 pm
CVE-2013-2028
7.5 MV Product/Version
affected:
Serious nginx The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. July 19, 2013, 22:07 pm
CVE-2013-2017
7.8 MV Product/Version
affected:
MVL6 Kernel 2.6.27 Resolved
High kernel The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error. May 3, 2013, 06:05 am
CVE-2013-2015
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. April 29, 2013, 09:04 am
CVE-2013-2007
6.9 MV Product/Version
affected:
Medium qemu The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files. May 21, 2013, 13:05 pm
CVE-2013-2005
6.8 MV Product/Version
affected:
Medium libxt X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions. June 15, 2013, 15:06 pm
CVE-2013-2004
6.8 MV Product/Version
affected:
Medium libx11 The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file. June 15, 2013, 15:06 pm
CVE-2013-2003
6.8 MV Product/Version
affected:
Medium libxcursor Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. June 15, 2013, 15:06 pm
CVE-2013-2002
6.8 MV Product/Version
affected:
Medium libxt Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function. June 15, 2013, 15:06 pm
CVE-2013-2001
6.8 MV Product/Version
affected:
Medium libxxf86vm Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. June 15, 2013, 15:06 pm
CVE-2013-2000
6.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libxxf86dga Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions. June 15, 2013, 15:06 pm
CVE-2013-1999
6.8 MV Product/Version
affected:
Medium libxvmc Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function. June 15, 2013, 15:06 pm
CVE-2013-1998
6.8 MV Product/Version
affected:
Medium libxi Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions. June 15, 2013, 15:06 pm
CVE-2013-1997
6.8 MV Product/Version
affected:
Medium libx11 Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions. June 15, 2013, 15:06 pm
CVE-2013-1996
6.8 MV Product/Version
affected:
Medium libfs X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function. June 15, 2013, 15:06 pm
CVE-2013-1995
6.8 MV Product/Version
affected:
Medium libxi X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. June 15, 2013, 15:06 pm
CVE-2013-1993
6.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Normal mesa Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions. June 15, 2013, 14:06 pm
CVE-2013-1992
6.8 MV Product/Version
affected:
Medium libdmx Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions. June 15, 2013, 14:06 pm
CVE-2013-1991
6.8 MV Product/Version
affected:
Medium libxxf86dga Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions. June 15, 2013, 14:06 pm
CVE-2013-1990
6.8 MV Product/Version
affected:
Medium libxvmc Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions. June 15, 2013, 14:06 pm
CVE-2013-1989
6.8 MV Product/Version
affected:
Medium libxv Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. June 15, 2013, 14:06 pm
CVE-2013-1988
6.8 MV Product/Version
affected:
Medium libxres Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions. June 15, 2013, 14:06 pm
CVE-2013-1987
6.8 MV Product/Version
affected:
Medium libxrender Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions. June 15, 2013, 14:06 pm
CVE-2013-1986
6.8 MV Product/Version
affected:
Medium libxrandr Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. June 15, 2013, 14:06 pm
CVE-2013-1985
6.8 MV Product/Version
affected:
Medium libxinerama Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function. June 15, 2013, 14:06 pm
CVE-2013-1984
6.8 MV Product/Version
affected:
Medium libxi Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions. June 15, 2013, 14:06 pm
CVE-2013-1983
6.8 MV Product/Version
affected:
Medium libxfixes Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function. June 15, 2013, 14:06 pm
CVE-2013-1982
6.8 MV Product/Version
affected:
Medium libxext Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions. June 15, 2013, 14:06 pm
CVE-2013-1981
6.8 MV Product/Version
affected:
Medium libx11 Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions. June 15, 2013, 14:06 pm
CVE-2013-1979
6.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. May 3, 2013, 06:05 am
CVE-2013-1969
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High libxml2 Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. April 25, 2013, 18:04 pm
CVE-2013-1968
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal subversion Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. July 31, 2013, 08:07 am
CVE-2013-1962
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libvirt The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests to list all volumes for the particular pool. May 28, 2013, 19:05 pm
CVE-2013-1961
9.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
High tiff Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. July 3, 2013, 13:07 pm
CVE-2013-1960
9.3 MV Product/Version
affected:
CGE 7.0 Resolved
High tiff Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. July 3, 2013, 13:07 pm
CVE-2013-1959
3.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low kernel kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. May 3, 2013, 06:05 am
CVE-2013-1958
1.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low kernel The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. April 24, 2013, 14:04 pm
CVE-2013-1957
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. April 24, 2013, 14:04 pm
CVE-2013-1956
2.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low kernel The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. April 24, 2013, 14:04 pm
CVE-2013-1950
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libtirpc The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. July 9, 2013, 12:07 pm
CVE-2013-1944
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 7.0 Resolved
Medium curl The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. April 29, 2013, 17:04 pm
CVE-2013-1943
6.9 MV Product/Version
affected:
CGE 6.0 Resolved
Medium kernel The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. July 16, 2013, 09:07 am
CVE-2013-1940
2.1 MV Product/Version
affected:
CGE 6.0 Resolved
Low x.org-xserver X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. May 13, 2013, 18:05 pm
CVE-2013-1937
6.1 MV Product/Version
affected:
Normal phpmyadmin Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. April 16, 2013, 09:04 am
CVE-2013-1929
4.4 MV Product/Version
affected:
Medium kernel Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. June 7, 2013, 09:06 am
CVE-2013-1928
4.7 MV Product/Version
affected:
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
CGE 6.0 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Medium kernel The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. April 29, 2013, 09:04 am
CVE-2013-1923
3.2 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low nfs-utils rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks. January 21, 2014, 12:01 pm
CVE-2013-1914
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 6.0 Resolved
Medium glibc Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. April 29, 2013, 17:04 pm
CVE-2013-1908
5.0 MV Product/Version
affected:
Normal commons The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. July 16, 2013, 13:07 pm
CVE-2013-1907
5.0 MV Product/Version
affected:
Normal commons The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. July 16, 2013, 13:07 pm
CVE-2013-1903
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
High postgresql PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to graphical installers for Linux and Mac OS X, which has unspecified impact and attack vectors. April 4, 2013, 12:04 pm
CVE-2013-1902
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
High postgresql PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to graphical installers for Linux and Mac OS X. April 4, 2013, 12:04 pm
CVE-2013-1901
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium postgresql PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. April 4, 2013, 12:04 pm
CVE-2013-1900
8.5 MV Product/Version
affected:
CGE 7.0 Resolved
High postgresql PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the contrib/pgcrypto functions. April 4, 2013, 12:04 pm
CVE-2013-1899
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Medium postgresql Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a - (hyphen). April 4, 2013, 12:04 pm
CVE-2013-1888
6.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal pip pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. August 17, 2013, 01:08 am
CVE-2013-1884
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal subversion The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable. May 2, 2013, 09:05 am
CVE-2013-1881
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal librsvg GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. October 9, 2013, 19:10 pm
CVE-2013-1872
6.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal mesa The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796. August 19, 2013, 18:08 pm
CVE-2013-1863
6.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal samba Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations. March 19, 2013, 12:03 pm
CVE-2013-1862
5.1 MV Product/Version
affected:
Medium appache mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. June 10, 2013, 12:06 pm
CVE-2013-1861
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal mariadb MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. March 28, 2013, 18:03 pm
CVE-2013-1860
6.9 MV Product/Version
affected:
CGE 6.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Medium kernel Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. March 22, 2013, 06:03 am
CVE-2013-1858
7.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process. April 5, 2013, 16:04 pm
CVE-2013-1849
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal subversion The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. May 2, 2013, 09:05 am
CVE-2013-1848
6.2 MV Product/Version
affected:
Medium kernel fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. March 22, 2013, 06:03 am
CVE-2013-1847
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal subversion The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. May 2, 2013, 09:05 am
CVE-2013-1846
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal subversion The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. May 2, 2013, 09:05 am
CVE-2013-1845
2.1 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low subversion The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. May 2, 2013, 09:05 am
CVE-2013-1839
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
High squid The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a , character in an Accept-Language header. September 30, 2013, 17:09 pm
CVE-2013-1828
6.9 MV Product/Version
affected:
Medium kernel The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. March 22, 2013, 06:03 am
CVE-2013-1827
6.2 MV Product/Version
affected:
CGE 5.1 Resolved
Medium kernel net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. March 22, 2013, 06:03 am
CVE-2013-1826
6.2 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. March 22, 2013, 06:03 am
CVE-2013-1825
0 MV Product/Version
affected:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2546, CVE-2013-2547, CVE-2013-2548. Reason: This candidate is a duplicate of CVE-2013-2546, CVE-2013-2547, and CVE-2013-2548. Notes: All CVE users should reference one or more of CVE-2013-2546, CVE-2013-2547, and CVE-2013-2548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. March 15, 2013, 15:03 pm
CVE-2013-1824
4.3 MV Product/Version
affected:
Normal php The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. September 16, 2013, 08:09 am
CVE-2013-1821
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal ruby lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack. April 9, 2013, 16:04 pm
CVE-2013-1819
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal kernel The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. March 6, 2013, 16:03 pm
CVE-2013-1813
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
High busybox util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. November 23, 2013, 05:11 am
CVE-2013-1798
6.2 MV Product/Version
affected:
CGE 6.0 Resolved
Medium kernel The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. March 22, 2013, 06:03 am
CVE-2013-1797
6.8 MV Product/Version
affected:
Medium kernel Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. March 22, 2013, 06:03 am
CVE-2013-1796
6.8 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium kernel The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. March 22, 2013, 06:03 am
CVE-2013-1792
4.7 MV Product/Version
affected:
CGE 6.0 Resolved
Medium kernel Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. March 22, 2013, 06:03 am
CVE-2013-1776
4.4 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium sudo sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. April 8, 2013, 12:04 pm
CVE-2013-1775
6.9 MV Product/Version
affected:
CGE 6.0 Resolved
Medium sudo sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. March 5, 2013, 15:03 pm
CVE-2013-1774
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Medium enterprise_mrg The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. February 28, 2013, 13:02 pm
CVE-2013-1773
6.2 MV Product/Version
affected:
CGE 6.0 Resolved
Medium enterprise_mrg Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. February 28, 2013, 13:02 pm
CVE-2013-1772
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. February 28, 2013, 13:02 pm
CVE-2013-1767
6.2 MV Product/Version
affected:
CGE 6.0 Resolved
Medium kernel Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. February 28, 2013, 13:02 pm
CVE-2013-1766
3.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low libvirt libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. March 20, 2013, 10:03 am
CVE-2013-1763
7.2 MV Product/Version
affected:
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
MVL6 Kernel 2.6.24 Resolved
Professional PRO 5.0 Resolved
High kernel Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. February 28, 2013, 13:02 pm
CVE-2013-1762
6.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal stunnel stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via a crafted request that triggers a buffer overflow. March 8, 2013, 12:03 pm
CVE-2013-1741
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
High nss Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. November 17, 2013, 23:11 pm
CVE-2013-1740
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium nss The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. January 18, 2014, 16:01 pm
CVE-2013-1667
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious perl The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. March 13, 2013, 22:03 pm
CVE-2013-1643
5.0 MV Product/Version
affected:
Normal php The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824. March 6, 2013, 07:03 am
CVE-2013-1635
7.5 MV Product/Version
affected:
Serious php ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. March 6, 2013, 07:03 am
CVE-2013-1629
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal pip pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a pip install operation. August 5, 2013, 21:08 pm
CVE-2013-1619
4.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Medium gnutls The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. February 8, 2013, 13:02 pm
CVE-2013-1590
2.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low wireshark Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1589
2.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Low wireshark Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1588
2.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1587
2.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1586
2.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1585
2.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Low wireshark epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1584
2.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1583
2.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1582
2.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low wireshark The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1581
2.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Low wireshark The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1580
2.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1579
2.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low wireshark The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1578
2.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to cause a denial of service (loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1577
2.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1576
2.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1575
2.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low wireshark The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1574
2.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low wireshark The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1573
2.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low wireshark The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1572
2.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Low wireshark The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. February 2, 2013, 19:02 pm
CVE-2013-1570
5.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. April 17, 2013, 12:04 pm
CVE-2013-1567
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395. April 17, 2013, 07:04 am
CVE-2013-1566
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. April 17, 2013, 07:04 am
CVE-2013-1555
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition. April 17, 2013, 07:04 am
CVE-2013-1552
6.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. April 17, 2013, 07:04 am
CVE-2013-1548
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. April 17, 2013, 07:04 am
CVE-2013-1544
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. April 17, 2013, 07:04 am
CVE-2013-1532
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema. April 17, 2013, 07:04 am
CVE-2013-1531
6.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges. April 17, 2013, 07:04 am
CVE-2013-1526
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. April 17, 2013, 07:04 am
CVE-2013-1523
4.6 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. April 17, 2013, 07:04 am
CVE-2013-1521
6.5 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking. April 17, 2013, 07:04 am
CVE-2013-1512
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. April 17, 2013, 07:04 am
CVE-2013-1511
3.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. April 17, 2013, 07:04 am
CVE-2013-1506
2.8 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. April 17, 2013, 07:04 am
CVE-2013-1502
1.5 MV Product/Version
affected:
Low mysql Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. April 17, 2013, 07:04 am
CVE-2013-1492
7.5 MV Product/Version
affected:
Serious mysql Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553. March 28, 2013, 18:03 pm
CVE-2013-1427
1.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low lighttpd The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. March 21, 2013, 12:03 pm
CVE-2013-1059
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. July 8, 2013, 12:07 pm
CVE-2013-1051
4.3 MV Product/Version
affected:
Normal apt apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. March 21, 2013, 12:03 pm
CVE-2013-1048
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal apache2 The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. March 6, 2013, 07:03 am
CVE-2013-0914
3.6 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
CGE 6.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0 Resolved
Low kernel The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. March 22, 2013, 06:03 am
CVE-2013-0913
7.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. March 18, 2013, 10:03 am
CVE-2013-0894
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. February 23, 2013, 15:02 pm
CVE-2013-0871
6.9 MV Product/Version
affected:
Professional PRO 5.0.24 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.27 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. February 17, 2013, 22:02 pm
CVE-2013-0800
9.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical pixman cairo Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. April 3, 2013, 06:04 am
CVE-2013-0744
9.3 MV Product/Version
affected:
CGX 2.0 Resolved
High firefox Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. January 13, 2013, 14:01 pm
CVE-2013-0454
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal samba The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or hide unreadable parameter. March 26, 2013, 16:03 pm
CVE-2013-0389
6.8 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. January 16, 2013, 19:01 pm
CVE-2013-0386
6.8 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. January 16, 2013, 19:01 pm
CVE-2013-0385
6.6 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication. January 16, 2013, 19:01 pm
CVE-2013-0384
6.8 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. January 16, 2013, 19:01 pm
CVE-2013-0383
4.3 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. January 16, 2013, 19:01 pm
CVE-2013-0375
6.4 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. January 16, 2013, 19:01 pm
CVE-2013-0371
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. January 16, 2013, 19:01 pm
CVE-2013-0368
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. January 16, 2013, 19:01 pm
CVE-2013-0367
4.0 MV Product/Version
affected:
Normal mysql Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. January 16, 2013, 19:01 pm
CVE-2013-0349
1.9 MV Product/Version
affected:
Low kernel The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. February 28, 2013, 13:02 pm
CVE-2013-0343
3.2 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Professional PRO 5.0.24 Resolved
CGE 7.0 Resolved
CGE 6.0 Resolved
Low kernel The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. February 28, 2013, 13:02 pm
CVE-2013-0341
0 MV Product/Version
affected:
CGE 7.0 Resolved
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. September 26, 2013, 09:09 am
CVE-2013-0340
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium expat expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. January 21, 2014, 12:01 pm
CVE-2013-0339
6.8 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Medium libxml2 libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. January 21, 2014, 12:01 pm
CVE-2013-0338
4.3 MV Product/Version
affected:
CGE 6.0 Resolved
Professional PRO 5.0 Resolved
Medium libxml2 libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka internal entity expansion with linear complexity. April 25, 2013, 18:04 pm
CVE-2013-0337
7.5 MV Product/Version
affected:
Serious nginx The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. October 26, 2013, 19:10 pm
CVE-2013-0313
6.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an attempted removexattr operation on an inode of a sockfs filesystem. February 21, 2013, 18:02 pm
CVE-2013-0311
6.5 MV Product/Version
affected:
MVL6 Kernel 2.6.34 Resolved
CGE 6.0 Resolved
Medium kernel The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. February 21, 2013, 18:02 pm
CVE-2013-0310
6.6 MV Product/Version
affected:
CGE 6.0 Resolved
Medium kernel The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. February 21, 2013, 18:02 pm
CVE-2013-0309
4.7 MV Product/Version
affected:
Professional PRO 5.0 Resolved
Professional PRO 5.0 Resolved
MVL6 Kernel 2.6.28 Resolved
Professional PRO 5.0.24 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium kernel arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. February 21, 2013, 18:02 pm
CVE-2013-0308
4.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal git The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subjects Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. March 8, 2013, 15:03 pm
CVE-2013-0296
4.4 MV Product/Version
affected:
Normal pigz Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that files permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. April 27, 2014, 16:04 pm
CVE-2013-0292
7.2 MV Product/Version
affected:
CGE 6.0 Resolved
High dbus-glib The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal. March 5, 2013, 15:03 pm
CVE-2013-0290
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application. February 19, 2013, 13:02 pm
CVE-2013-0288
6.8 MV Product/Version
affected:
Normal nss-pam-ldapd nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro. March 5, 2013, 15:03 pm
CVE-2013-0287
4.9 MV Product/Version
affected:
Normal sssd The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. March 21, 2013, 11:03 am
CVE-2013-0281
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal pacemaker Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote attackers to cause a denial of service (connection blocking). November 23, 2013, 05:11 am
CVE-2013-0268
6.2 MV Product/Version
affected:
CGE 5.1 Resolved
Medium kernel The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. February 17, 2013, 22:02 pm
CVE-2013-0256
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal ruby darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. February 28, 2013, 23:02 pm
CVE-2013-0255
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Medium postgresql PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a denial of service (server crash) or read sensitive process memory via a crafted SQL command, which triggers an array index error and an out-of-bounds read. February 12, 2013, 19:02 pm
CVE-2013-0254
3.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Low qt The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. February 6, 2013, 06:02 am
CVE-2013-0252
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal boost boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes. March 12, 2013, 17:03 pm
CVE-2013-0250
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal corosync The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. June 6, 2014, 09:06 am
CVE-2013-0249
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious libcurl curl Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. March 8, 2013, 16:03 pm
CVE-2013-0242
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 6.0 Resolved
Medium glibc Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. February 8, 2013, 14:02 pm
CVE-2013-0231
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. February 12, 2013, 19:02 pm
CVE-2013-0228
6.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. March 1, 2013, 06:03 am
CVE-2013-0224
4.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal video The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. March 19, 2013, 09:03 am
CVE-2013-0223
1.9 MV Product/Version
affected:
Low coreutils The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. November 23, 2013, 12:11 pm
CVE-2013-0222
2.1 MV Product/Version
affected:
Low coreutils The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function. November 23, 2013, 12:11 pm
CVE-2013-0221
4.3 MV Product/Version
affected:
Medium coreutils The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function. November 23, 2013, 12:11 pm
CVE-2013-0220
5.0 MV Product/Version
affected:
Normal sssd The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet. February 24, 2013, 13:02 pm
CVE-2013-0219
3.7 MV Product/Version
affected:
Low sssd System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another users files. February 24, 2013, 13:02 pm
CVE-2013-0217
5.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. February 17, 2013, 22:02 pm
CVE-2013-0216
5.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. February 17, 2013, 22:02 pm
CVE-2013-0214
5.1 MV Product/Version
affected:
Medium samba Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. February 2, 2013, 14:02 pm
CVE-2013-0213
5.1 MV Product/Version
affected:
Medium samba The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. February 2, 2013, 14:02 pm
CVE-2013-0211
5.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libarchive Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. September 30, 2013, 17:09 pm
CVE-2013-0198
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal dnsmasq Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411. March 5, 2013, 15:03 pm
CVE-2013-0190
4.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption. February 12, 2013, 19:02 pm
CVE-2013-0189
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 6.0 Resolved
Medium squid cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. February 8, 2013, 14:02 pm
CVE-2013-0172
3.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Low samba Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. January 17, 2013, 15:01 pm
CVE-2013-0170
9.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical libvirt Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. February 8, 2013, 14:02 pm
CVE-2013-0169
2.6 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
CGE 7.0 Resolved
Low openssl The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. February 8, 2013, 13:02 pm
CVE-2013-0166
5.0 MV Product/Version
affected:
CGE 6.0 Resolved
CGE 6.0 Resolved
Consumer Mobilinux 5.0.24 Resolved
Medium openssl OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. February 8, 2013, 13:02 pm
CVE-2013-0160
2.1 MV Product/Version
affected:
Low kernel The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. February 17, 2013, 22:02 pm
CVE-2013-0157
2.1 MV Product/Version
affected:
Low kernel (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. January 21, 2014, 12:01 pm