Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0019 | 3 Dest-unreach, Fedoraproject, Opensuse | 3 Socat, Fedora, Opensuse | 2024-11-21 | 1.9 LOW | N/A |
| Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. | |||||
| CVE-2013-7423 | 4 Canonical, Gnu, Opensuse and 1 more | 4 Ubuntu Linux, Glibc, Opensuse and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. | |||||
| CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
| CVE-2013-7336 | 2 Opensuse, Redhat | 2 Opensuse, Libvirt | 2024-11-21 | 1.9 LOW | N/A |
| The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. | |||||
| CVE-2013-6858 | 3 Canonical, Openstack, Opensuse | 3 Ubuntu Linux, Horizon, Opensuse | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. | |||||
| CVE-2013-6712 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. | |||||
| CVE-2013-6673 | 5 Canonical, Fedoraproject, Mozilla and 2 more | 10 Ubuntu Linux, Fedora, Firefox and 7 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. | |||||
| CVE-2013-6672 | 7 Canonical, Fedoraproject, Linux and 4 more | 10 Ubuntu Linux, Fedora, Linux Kernel and 7 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. | |||||
| CVE-2013-6671 | 6 Canonical, Fedoraproject, Mozilla and 3 more | 17 Ubuntu Linux, Fedora, Firefox and 14 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. | |||||
| CVE-2013-6650 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
| The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." | |||||
| CVE-2013-6649 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a zero-size SVG image. | |||||
| CVE-2013-6646 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the shutting down of a worker process. | |||||
| CVE-2013-6645 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving certain print-preview and tab-switch actions that interact with a speech input element. | |||||
| CVE-2013-6644 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6643 | 6 Apple, Debian, Google and 3 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2024-11-21 | 7.5 HIGH | N/A |
| The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handling of the closing of an untrusted signin confirm dialog. | |||||
| CVE-2013-6641 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of the past names map of a FORM element. | |||||
| CVE-2013-6629 | 9 Artifex, Canonical, Debian and 6 more | 12 Gpl Ghostscript, Ubuntu Linux, Debian Linux and 9 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | |||||
| CVE-2013-6621 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element. | |||||
| CVE-2013-6425 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||||
| CVE-2013-6424 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||||