CVE-2013-4258

Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System NAS 1.9.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog...

CVE-2013-4385

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service memory corruption and application crash and possibly execute arbitrary code via a "f" value in the NUM...

CVE-2013-2221

Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large packet...

CVE-2013-4758

Double free vulnerability in the writeDataError function in the ElasticSearch plugin omelasticsearch in rsyslog before 7.4.2 and before 7.5.2 devel, when errorfile is set to local logging, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...

CVE-2013-2222

Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted ZRTP Hello packet to the 1 ZRtp::findBestSASType, 2 ZRtp::findBestAuthLen, 3 ZRtp::findBestCipher, 4 ZRtp::findBestHash, or...

Ubuntu: Security Advisory (USN-1986-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-3969

The find prototype in scripting/enginev8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service uninitialized pointer dereference and server crash or possibly execute arbitrary code via an invalid RefDB object...

CVE-2013-1892

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service invalid memory access and server crash or execute arbitrary code via a crafted memory address in the...

Null pointer dereference

The find prototype in scripting/enginev8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service uninitialized pointer dereference and server crash or possibly execute arbitrary code via an invalid RefDB object...

CVE-2013-3969

Removed by vendor...

CVE-2013-1892

Removed by vendor...

CVE-2013-5370

Unspecified vulnerability in IBM SPSS Collaboration and Deployment Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-4042...

Microsoft Office 2010 Visio iFilter memory corruption vulnerability

Overview The Microsoft Office 2010 Visio iFilter contains a memory corruption vulnerability that can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office 2010 provides a set of iFilters that are used by a variety of applications to process Office...

CVE-2013-2238

Summary: CVE-2013-2238 affects FreeSWITCH 1.2.x. Multiple buffer overflows in the switch_perform_substitution logic of switch_regex.c can be triggered by crafted inputs, potentially causing a crash (DoS) and possibly enabling remote code execution. Affected product/component: FreeSWITCH 1.2.x (no...

Out-of-bounds

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service out-of-bounds write and crash or possibly execute arbitrary code via a crafted GIF image...

CVE-2013-4244

The CVE-2013-4244 issue affects libtiff up to version 4.0.3, where the gif2tiff tool’s LZW decompressor is vulnerable. A crafted GIF image can trigger a denial of service via an out-of-bounds write and crash, and may allow arbitrary code execution. This vulnerability is corroborated by multiple s...

CVE-2013-5093

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVE-2013-1042

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2...

CVE-2013-1035

The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site...

CVE-2013-1722

Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute...