Search

Search Results (363345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6432 1 Linux 1 Linux Kernel 2025-04-11 N/A
The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.
CVE-2013-6434 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server.
CVE-2013-6436 1 Redhat 1 Libvirt 2025-04-11 N/A
The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.
CVE-2013-6439 2 Redhat, Rhel Sam 2 Subscription Asset Manager, 1.3 2025-04-11 N/A
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
CVE-2013-6440 3 Internet2, Redhat, Shibboleth 10 Opensaml, Fuse Esb Enterprise, Fuse Management Console and 7 more 2025-04-11 N/A
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
CVE-2013-6441 1 Linuxcontainers 1 Lxc 2025-04-11 N/A
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
CVE-2013-6443 1 Redhat 3 Cloudforms, Cloudforms 3.0 Management Engine, Cloudforms Managementengine 2025-04-11 N/A
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
CVE-2013-6447 1 Redhat 2 Jboss Enterprise Web Framework, Jboss Seam 2 Framework 2025-04-11 N/A
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file.
CVE-2013-6448 1 Redhat 2 Jboss Enterprise Web Framework, Jboss Seam 2 Framework 2025-04-11 N/A
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors.
CVE-2013-6449 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-11 N/A
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.
CVE-2013-6450 2 Openssl, Redhat 2 Openssl, Enterprise Linux 2025-04-11 N/A
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
CVE-2013-6457 1 Redhat 1 Libvirt 2025-04-11 N/A
The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.
CVE-2013-6458 1 Redhat 2 Enterprise Linux, Libvirt 2025-04-11 N/A
Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command.
CVE-2013-6459 2 Mislav Marohnic, Redhat 3 Will Paginate, Satellite, Satellite Capsule 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
CVE-2013-6462 2 Redhat, X 2 Enterprise Linux, Libxfont 2025-04-11 N/A
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
CVE-2013-6466 2 Redhat, Xelerance 2 Enterprise Linux, Openswan 2025-04-11 N/A
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
CVE-2013-6467 1 Libreswan 1 Libreswan 2025-04-11 N/A
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
CVE-2013-6477 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.
CVE-2013-6478 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.
CVE-2013-6479 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a denial of service (application crash) via a crafted response.