Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4276 1 Littlecms 1 Little Cms Color Engine 2025-04-11 N/A
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.
CVE-2013-4277 1 Apache 1 Subversion 2025-04-11 N/A
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
CVE-2013-4278 1 Openstack 1 Compute 2025-04-11 N/A
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
CVE-2013-4282 2 Redhat, Spice Project 3 Enterprise Linux, Enterprise Virtualization, Spice 2025-04-11 N/A
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
CVE-2013-4283 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-11 N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-4284 1 Redhat 1 Enterprise Mrg 2025-04-11 N/A
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request.
CVE-2013-4286 2 Apache, Redhat 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more 2025-04-11 N/A
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CVE-2013-4287 3 Redhat, Ruby-lang, Rubygems 7 Enterprise Linux, Enterprise Mrg, Openshift and 4 more 2025-04-11 N/A
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
CVE-2013-4288 4 Canonical, Opensuse, Polkit Project and 1 more 4 Ubuntu Linux, Opensuse, Polkit and 1 more 2025-04-11 N/A
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
CVE-2013-4291 1 Redhat 1 Libvirt 2025-04-11 N/A
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
CVE-2013-4292 1 Redhat 1 Libvirt 2025-04-11 N/A
libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.
CVE-2013-4293 1 Redhat 1 Jboss Operations Network 2025-04-11 N/A
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.
CVE-2013-4294 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
CVE-2013-4295 1 Apache 1 Shindig 2025-04-11 N/A
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-4296 2 Canonical, Redhat 3 Ubuntu Linux, Enterprise Linux, Libvirt 2025-04-11 N/A
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
CVE-2013-4297 1 Redhat 1 Libvirt 2025-04-11 N/A
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.
CVE-2013-4298 1 Imagemagick 1 Imagemagick 2025-04-11 N/A
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
CVE-2013-4299 2 Linux, Redhat 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-11 N/A
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
CVE-2013-4300 1 Linux 1 Linux Kernel 2025-04-11 N/A
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.
CVE-2013-4301 1 Mediawiki 1 Mediawiki 2025-04-11 N/A
includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.