Export limit exceeded: 23516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23516 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4239 1 Redhat 1 Libvirt 2025-04-11 N/A
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
CVE-2013-4282 2 Redhat, Spice Project 3 Enterprise Linux, Enterprise Virtualization, Spice 2025-04-11 N/A
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
CVE-2013-4283 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-11 N/A
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVE-2013-4284 1 Redhat 1 Enterprise Mrg 2025-04-11 N/A
Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request.
CVE-2013-4324 2 Redhat, Spice-gtk Project 2 Enterprise Linux, Spice-gtk 2025-04-11 N/A
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2013-4325 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2025-04-11 N/A
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
CVE-2013-4326 2 Lennart Poettering, Redhat 2 Rkit, Enterprise Linux 2025-04-11 N/A
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2013-4330 2 Apache, Redhat 10 Camel, Fuse Esb Enterprise, Fuse Management Console and 7 more 2025-04-11 N/A
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
CVE-2013-4368 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-11 N/A
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.
CVE-2013-4400 1 Redhat 1 Libvirt 2025-04-11 N/A
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
CVE-2013-0153 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-11 N/A
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
CVE-2013-0162 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 4 1, Openshift, 1.2 and 1 more 2025-04-11 N/A
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2013-0155 5 Cloudforms Cloudengine, Debian, Redhat and 2 more 6 1, Debian Linux, Openshift and 3 more 2025-04-11 N/A
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
CVE-2013-0156 5 Cloudforms Cloudengine, Debian, Redhat and 2 more 6 1, Debian Linux, Openshift and 3 more 2025-04-11 N/A
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
CVE-2013-0157 2 Kernel, Redhat 2 Util-linux, Enterprise Linux 2025-04-11 N/A
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
CVE-2013-0158 3 Cloudbees, Jenkins, Redhat 3 Jenkins, Jenkins, Openshift 2025-04-11 N/A
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0170 5 Canonical, Fedoraproject, Opensuse and 2 more 12 Ubuntu Linux, Fedora, Opensuse and 9 more 2025-04-11 N/A
Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.
CVE-2013-0190 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
CVE-2013-0208 3 Canonical, Openstack, Redhat 4 Ubuntu Linux, Essex, Folsom and 1 more 2025-04-11 N/A
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
CVE-2013-0212 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack 2025-04-11 N/A
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.