Vulnerabilities (CVE)

Filtered by CWE-399
Total 2548 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4130 2 Canonical, Spice Project 2 Ubuntu Linux, Spice 2024-11-21 5.0 MEDIUM N/A
The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attackers to cause a denial of service (reachable assertion and server exit) by triggering a network error.
CVE-2013-4127 1 Linux 1 Linux Kernel 2024-11-21 4.7 MEDIUM N/A
Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.
CVE-2013-4125 1 Linux 1 Linux Kernel 2024-11-21 5.4 MEDIUM N/A
The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack in the Linux kernel through 3.10.1 does not properly handle Router Advertisement (RA) messages in certain circumstances involving three routes that initially qualified for membership in an ECMP route set until a change occurred for one of the first two routes, which allows remote attackers to cause a denial of service (system crash) via a crafted sequence of messages.
CVE-2013-4075 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2024-11-21 5.0 MEDIUM N/A
epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-3969 1 Mongodb 1 Mongodb 2024-11-21 6.5 MEDIUM N/A
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
CVE-2013-3902 1 Microsoft 1 Windows 7 2024-11-21 7.2 HIGH N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1 and Windows 7 SP1 on 64-bit platforms allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
CVE-2013-3893 1 Microsoft 1 Internet Explorer 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
CVE-2013-3888 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2024-11-21 7.2 HIGH 8.4 HIGH
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
CVE-2013-3881 1 Microsoft 1 Windows 7 2024-11-21 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
CVE-2013-3879 1 Microsoft 8 Windows 7, Windows 8, Windows Rt and 5 more 2024-11-21 7.2 HIGH N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
CVE-2013-3870 1 Microsoft 1 Outlook 2024-11-21 9.3 HIGH N/A
Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."
CVE-2013-3862 1 Microsoft 2 Windows 7, Windows Server 2008 2024-11-21 6.9 MEDIUM N/A
Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager (SCM), aka "Service Control Manager Double Free Vulnerability."
CVE-2013-3846 1 Microsoft 1 Internet Explorer 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161.
CVE-2013-3627 1 Mcafee 1 Agent 2024-11-21 5.0 MEDIUM N/A
FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request.
CVE-2013-3467 1 Cisco 2 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect 2024-11-21 4.6 MEDIUM N/A
Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all" or (2) "show monitor session" command, aka Bug ID CSCug20103.
CVE-2013-3461 1 Cisco 1 Unified Communications Manager 2024-11-21 7.1 HIGH N/A
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
CVE-2013-3460 1 Cisco 1 Unified Communications Manager 2024-11-21 7.8 HIGH N/A
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.
CVE-2013-3459 1 Cisco 1 Unified Communications Manager 2024-11-21 7.8 HIGH N/A
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
CVE-2013-3453 1 Cisco 2 Unified Communications Manager, Unified Presence 2024-11-21 7.8 HIGH N/A
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.
CVE-2013-3435 1 Cisco 2 Unified Ip Conference Station 7937g, Unified Ip Conference Station 7937g Firmware 2024-11-21 5.0 MEDIUM N/A
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052.