5353 matches found

CVE
added 2013/10/24 12:0 a.m., 35 views

CVE-2013-3244

The CVE-2013-3244 entry concerns SAP ERP Central Component (ECC), specifically the Project System (PS-IS) module. The vulnerability affects the CJDB_FILL_MEMORY_FROM_PPB function, with a root cause described as multiple unspecified vulnerabilities that allow remote attackers to execute arbitrary c...

CVSS 6, AI score 8, EPSS 0.01662
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2013/10/19 10:36 a.m., 19 views

Buffer overflow

Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie...

CVSS 9.3, AI score 8.4, EPSS 0.12589
Exploits: 7, References: 7, Affected Software: 1

NVD
added 2013/10/17 11:55 p.m., 13 views

CVE-2013-4370

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1)...

CVSS 4.6, AI score 7.5, EPSS 0.00429
Exploits: 0, References: 3

NVD
added 2013/10/17 11:55 p.m., 14 views

CVE-2013-4371

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash)...

CVSS 4.4, AI score 7.3, EPSS 0.00402
Exploits: 0, References: 2

Prion
added 2013/10/17 11:55 p.m., 18 views

Double free

The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1)...

CVSS 4.6, AI score 7.9, EPSS 0.00429
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2013/10/17 11:55 p.m., 17 views

Integer overflow

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow...

CVSS 6.8, AI score 8.3, EPSS 0.05485
Exploits: 1, References: 12, Affected Software: 2

Cvelist
added 2013/10/17 11:0 p.m., 56 views

CVE-2013-4371

Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash)...

AI score 7.1, EPSS 0.00402
Exploits: 0, References: 2

Cvelist
added 2013/10/17 11:0 p.m., 14 views

CVE-2013-4397

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow...

AI score 7.5, EPSS 0.05485
Exploits: 1, References: 12

Mageia
added 2013/10/17 7:37 p.m., 28 views

Updated libtar packages fixes security vulnerability

Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding a specially-crafted archive, it could cause the libtar executable or an application using libtar to crash or, potentially, execute arbitrary code (CVE-2013-4397)...

CVSS 6.8, AI score 4, EPSS 0.05485
Exploits: 1, References: 2

Tenable Nessus
added 2013/10/17 12:0 a.m., 30 views

Scientific Linux Security Update : xorg-x11-server on SL5.x, SL6.x i386/x86_64 (20131015)

A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Users of proprietary drivers may need to reinstall the...

CVSS 6.5, AI score 7.6, EPSS 0.04077
Exploits: 0, References: 2

Cvelist
added 2013/10/13 10:0 a.m., 22 views

CVE-2013-4804

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors...

AI score 7.3, EPSS 0.03436
Exploits: 0, References: 1

Prion
added 2013/10/11 10:55 p.m., 38 views

Buffer overflow

Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors...

CVSS 6.8, AI score 8.5, EPSS 0.03782
Exploits: 0, References: 7, Affected Software: 1

Cvelist
added 2013/10/10 10:0 a.m., 24 views

CVE-2013-4396

Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers...

AI score 7.2, EPSS 0.04077
Exploits: 0, References: 9

NVD
added 2013/10/09 10:55 p.m., 18 views

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image...

CVSS 6.8, AI score 9.6, EPSS 0.03847
Exploits: 0, References: 9

Cvelist
added 2013/10/09 10:0 p.m., 29 views

CVE-2013-4237

sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image...

AI score 7.9, EPSS 0.03847
Exploits: 0, References: 9

Prion
added 2013/10/09 2:54 p.m., 13 views

Buffer overflow

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM...

CVSS 7.5, AI score 8.5, EPSS 0.03388
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2013/10/09 2:53 p.m., 19 views

CVE-2013-3890

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."...

CVSS 9.3, AI score 7.4, EPSS 0.20022
Exploits: 0, References: 3

Prion
added 2013/10/09 2:53 p.m., 15 views

Memory corruption

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."...

CVSS 9.3, AI score 8.1, EPSS 0.20135
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2013/10/09 2:44 p.m., 67 views

CVE-2013-4258

CVE-2013-4258 affects Network Audio System (NAS) 1.9.3. A format string vulnerability in the osLogMsg function (server/os/aulog.c) can allow remote attackers to crash NAS or possibly execute arbitrary code via format specifiers related to syslog. Public advisories note multiple vulnerabilities in...

CVSS 7.5, AI score 7.6, EPSS 0.0408
Exploits: 1, References: 7, Affected Software: 1

Cvelist
added 2013/10/09 2:44 p.m., 39 views

CVE-2013-3897

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploit...

AI score 7.4, EPSS 0.7731
Exploits: 8, References: 4