CVE-2013-4287
- EPSS 3.34%
- Veröffentlicht 17.10.2013 23:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote at...
CVE-2013-4397
- EPSS 5.49%
- Veröffentlicht 17.10.2013 23:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a ...
CVE-2013-4345
- EPSS 3.18%
- Veröffentlicht 10.10.2013 10:55:06
- Zuletzt bearbeitet 29.04.2026 01:13:23
Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, l...
CVE-2013-4342
- EPSS 6.39%
- Veröffentlicht 10.10.2013 00:55:14
- Zuletzt bearbeitet 29.04.2026 01:13:23
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.
CVE-2013-4332
- EPSS 2.61%
- Veröffentlicht 09.10.2013 22:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_mema...
CVE-2013-4288
- EPSS 0.34%
- Veröffentlicht 03.10.2013 21:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new A...
CVE-2013-4311
- EPSS 0.4%
- Veröffentlicht 03.10.2013 21:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2)...
CVE-2013-4324
- EPSS 0.38%
- Veröffentlicht 03.10.2013 21:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race co...
CVE-2013-4326
- EPSS 0.37%
- Veröffentlicht 03.10.2013 21:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process...
CVE-2013-2231
- EPSS 0.45%
- Veröffentlicht 01.10.2013 17:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, a...