CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities Published In 2013 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-5651 119 DoS Overflow 2013-09-30 2013-10-23
5.0
None Remote Low Not required None None Partial
The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.
2 CVE-2013-4397 189 DoS Exec Code Overflow 2013-10-17 2013-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.
3 CVE-2013-4332 189 DoS Overflow 2013-10-09 2014-01-03
4.3
None Remote Medium Not required None None Partial
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
4 CVE-2013-4297 119 DoS Overflow 2013-09-30 2013-10-01
4.0
None Remote Low Single system None None Partial
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.
5 CVE-2013-4296 119 DoS Overflow 2013-09-30 2013-11-06
4.0
None Remote Low Single system None None Partial
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call.
6 CVE-2013-4282 119 DoS Overflow 2013-11-02 2014-01-23
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
7 CVE-2013-4261 119 DoS Overflow 2013-10-29 2013-10-30
3.5
None Remote Medium Single system None None Partial
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
8 CVE-2013-4239 119 DoS Overflow Mem. Corr. 2013-09-30 2013-10-01
4.0
None Remote Low Single system None None Partial
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.
9 CVE-2013-4124 189 DoS Overflow 2013-08-05 2014-03-26
5.0
None Remote Low Not required None None Partial
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
10 CVE-2013-2555 189 Exec Code Overflow 2013-03-11 2014-03-26
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
11 CVE-2013-2174 119 DoS Exec Code Overflow 2013-07-31 2013-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
12 CVE-2013-1978 119 DoS Exec Code Overflow 2013-12-12 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
13 CVE-2013-1913 189 DoS Exec Code Overflow 2013-12-12 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
14 CVE-2013-1872 119 DoS Exec Code Overflow 2013-08-19 2013-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.
15 CVE-2013-1861 119 DoS Overflow 2013-03-28 2014-01-13
5.0
None Remote Low Not required None None Partial
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
16 CVE-2013-1773 119 1 DoS Overflow +Priv 2013-02-28 2014-01-27
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
17 CVE-2013-1591 189 Overflow 2013-01-31 2014-01-30
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.
18 CVE-2013-0310 119 DoS Overflow 2013-02-21 2013-02-22
6.6
None Local Medium Single system Complete Complete Complete
The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call.
19 CVE-2013-0309 119 DoS Overflow 2013-02-21 2013-02-22
4.7
None Local Medium Not required None None Complete
arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application.
20 CVE-2013-0223 119 DoS Overflow 2013-11-23 2013-11-25
1.9
None Local Medium Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function.
21 CVE-2013-0222 119 DoS Overflow 2013-11-23 2014-03-07
2.1
None Local Low Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
22 CVE-2013-0221 20 DoS Overflow 2013-11-23 2014-03-05
4.3
None Remote Medium Not required None None Partial
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the alloca function.
23 CVE-2010-0430 119 Overflow 2013-12-26 2013-12-27
7.4
None Local Network Medium Single system Complete Complete Complete
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.