Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4361 1 Xen 1 Xen 2025-04-11 N/A
The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction.
CVE-2013-4362 1 Werner Baumann 1 Davfs2 2025-04-11 N/A
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
CVE-2013-4363 2 Ruby-lang, Rubygems 2 Ruby, Rubygems 2025-04-11 N/A
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
CVE-2013-4365 4 Apache, Debian, Opensuse and 1 more 6 Http Server, Mod Fcgid, Debian Linux and 3 more 2025-04-11 N/A
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2013-4368 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-11 N/A
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.
CVE-2013-4369 1 Xen 1 Xen 2025-04-11 N/A
The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.
CVE-2013-4370 1 Xen 1 Xen 2025-04-11 N/A
The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.
CVE-2013-4371 1 Xen 1 Xen 2025-04-11 N/A
Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2013-4372 1 Redhat 6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
CVE-2013-4373 1 Redhat 1 Jboss Operations Network 2025-04-11 N/A
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.
CVE-2013-4375 2 Qemu, Xen 2 Qemu, Xen 2025-04-11 N/A
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.
CVE-2013-4833 1 Hp 1 Service Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4376 1 X2go 1 X2go Server 2025-04-11 N/A
The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.
CVE-2013-4377 1 Qemu 1 Qemu 2025-04-11 N/A
Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.
CVE-2013-4378 1 Emeric Vernat 1 Javamelody 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
CVE-2013-4379 2 Drupal, Sebastien Corbin 2 Drupal, Make Meeting Scheduler Module 2025-04-11 N/A
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.
CVE-2013-4383 2 Dennis Bruecke, Drupal 2 Jquery Countdown, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4422 3 Postgresql, Qt, Quassel-irc 3 Postgresql, Qt, Quassel Irc 2025-04-11 N/A
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
CVE-2013-4384 2 Drupal, Google Site Search Project 2 Drupal, Google Site Search Module 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
CVE-2013-4385 1 Call-cc 1 Chicken 2025-04-11 N/A
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.