CVE-2012-3406
- EPSS 3.16%
- Veröffentlicht 10.02.2014 18:15:10
- Zuletzt bearbeitet 29.04.2026 01:13:23
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers...
CVE-2011-1773
- EPSS 0.47%
- Veröffentlicht 08.02.2014 00:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.
CVE-2014-0001
- EPSS 6.35%
- Veröffentlicht 31.01.2014 23:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
CVE-2013-6368
- EPSS 0.61%
- Veröffentlicht 14.12.2013 18:08:45
- Zuletzt bearbeitet 29.04.2026 01:13:23
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
CVE-2013-1913
- EPSS 4.07%
- Veröffentlicht 12.12.2013 18:55:10
- Zuletzt bearbeitet 29.04.2026 01:13:23
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code ...
CVE-2013-1978
- EPSS 4.19%
- Veröffentlicht 12.12.2013 18:55:10
- Zuletzt bearbeitet 29.04.2026 01:13:23
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window Syste...
- EPSS 2%
- Veröffentlicht 12.12.2013 18:55:10
- Zuletzt bearbeitet 29.04.2026 01:13:23
mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.
CVE-2013-2133
- EPSS 1.81%
- Veröffentlicht 06.12.2013 17:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated...
CVE-2012-0787
- EPSS 0.41%
- Veröffentlicht 23.11.2013 18:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on...
CVE-2013-0221
- EPSS 7.24%
- Veröffentlicht 23.11.2013 18:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based...