Search

Search Results (364230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7423 4 Canonical, Gnu, Opensuse and 1 more 7 Ubuntu Linux, Glibc, Opensuse and 4 more 2025-04-12 N/A
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
CVE-2013-7424 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2025-04-12 N/A
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6.
CVE-2013-7436 2 Kanaka, Redhat 2 Novnc, Openstack 2025-04-12 N/A
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2013-7437 1 Icoasoft 1 Potrace 2025-04-12 N/A
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.
CVE-2013-7438 1 Pbm212030 Project 1 Pbm212030 2025-04-12 N/A
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based buffer."
CVE-2013-7439 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 N/A
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
CVE-2013-7440 2 Python, Redhat 4 Python, Rhel Software Collections, Satellite and 1 more 2025-04-12 N/A
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2013-7442 1 Gehealthcare 1 Centricity Pacs Workstation 2025-04-12 N/A
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it.
CVE-2013-7443 2 Canonical, Sqlite 2 Ubuntu Linux, Sqlite 2025-04-12 N/A
Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.
CVE-2013-7444 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVE-2013-7445 1 Linux 1 Linux Kernel 2025-04-12 N/A
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
CVE-2013-7446 1 Linux 1 Linux Kernel 2025-04-12 N/A
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
CVE-2013-7447 2 Canonical, Samsung 2 Ubuntu Linux, X14j Firmware 2025-04-12 N/A
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
CVE-2013-7448 2 Debian, Didiwiki Project 2 Debian Linux, Didiwiki 2025-04-12 N/A
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
CVE-2013-7449 3 Canonical, Hexchat Project, Xchat 4 Ubuntu Linux, Hexchat, Xchat and 1 more 2025-04-12 N/A
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-7455 1 Littlecms 1 Little Cms Color Engine 2025-04-12 N/A
Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler.
CVE-2013-7456 3 Libgd, Php, Redhat 3 Libgd, Php, Rhel Software Collections 2025-04-12 N/A
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.
CVE-2013-7457 1 Google 1 Android 2025-04-12 N/A
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
CVE-2013-7458 2 Debian, Redislabs 2 Debian Linux, Redis 2025-04-12 N/A
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVE-2014-0002 2 Apache, Redhat 9 Camel, Fuse Esb Enterprise, Fuse Management Console and 6 more 2025-04-12 N/A
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.