CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-0430 119 Overflow 2013-12-27 2013-12-27
7.4
None Local Network Medium ??? Complete Complete Complete
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write to arbitrary QEMU memory by modifying the address that is used by Cairo for memory mappings.
2 CVE-2010-1819 Exec Code 2013-12-27 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file.
3 CVE-2011-2519 476 DoS 2013-12-27 2020-12-08
5.5
None Local Network Low ??? None None Complete
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
4 CVE-2011-3934 399 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the vp3_update_thread_context function in libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted vp3 data.
5 CVE-2011-3935 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to a crafted image size.
6 CVE-2011-3941 119 Overflow 2013-12-09 2014-01-04
7.5
None Remote Low Not required Partial Partial Partial
The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.
7 CVE-2011-3944 2013-12-09 2014-03-08
6.8
None Remote Medium Not required Partial Partial Partial
The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data.
8 CVE-2011-3946 399 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop.
9 CVE-2011-3949 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
10 CVE-2011-3950 2013-12-09 2013-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number.
11 CVE-2011-4351 119 Exec Code Overflow 2013-12-09 2013-12-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.
12 CVE-2011-4971 189 DoS 2013-12-12 2018-03-25
5.0
None Remote Low Not required None None Partial
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
13 CVE-2011-5268 310 DoS 2013-12-24 2014-01-04
4.3
None Remote Medium Not required None None Partial
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.
14 CVE-2012-0261 94 Exec Code 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
15 CVE-2012-0262 94 Exec Code 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
16 CVE-2012-0263 200 +Info 2013-12-31 2014-01-02
4.0
None Remote Low ??? Partial None None
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
17 CVE-2012-0264 264 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
18 CVE-2012-0414 79 XSS 2013-12-02 2014-03-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.
19 CVE-2012-0420 2013-12-02 2013-12-03
4.4
None Local Medium Not required Partial Partial Partial
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.
20 CVE-2012-0425 200 +Info 2013-12-02 2018-10-30
7.8
None Remote Low Not required Complete None None
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field.
21 CVE-2012-0426 362 2013-12-02 2013-12-03
7.2
None Local Low Not required Complete Complete Complete
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory.
22 CVE-2012-0427 264 +Priv 2013-12-02 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
23 CVE-2012-0434 264 2013-12-02 2014-03-04
10.0
None Remote Low Not required Complete Complete Complete
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
24 CVE-2012-3047 79 XSS 2013-12-10 2013-12-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
25 CVE-2012-4131 22 Dir. Trav. 2013-12-21 2013-12-23
4.6
None Local Low ??? Complete None None
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
26 CVE-2012-4135 22 Dir. Trav. 2013-12-21 2013-12-23
4.6
None Local Low ??? None Complete None
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275.
27 CVE-2012-5394 352 CSRF 2013-12-13 2013-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading.
28 CVE-2012-6150 20 Bypass 2013-12-03 2017-01-07
3.6
None Remote High ??? Partial Partial None
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
29 CVE-2012-6151 399 DoS 2013-12-13 2017-08-29
4.3
None Remote Medium Not required None None Partial
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
30 CVE-2012-6535 94 DoS Exec Code Mem. Corr. 2013-12-02 2014-01-24
9.3
None Remote Medium Not required Complete Complete Complete
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
31 CVE-2012-6612 2013-12-07 2014-03-08
7.5
None Remote Low Not required Partial Partial Partial
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407.
32 CVE-2012-6615 DoS 2013-12-24 2013-12-26
4.3
None Remote Medium Not required None None Partial
The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text.
33 CVE-2012-6616 119 DoS Overflow 2013-12-24 2013-12-26
5.0
None Remote Low Not required None None Partial
The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via crafted 3GPP TS 26.245 data.
34 CVE-2012-6617 DoS 2013-12-24 2013-12-26
4.3
None Remote Medium Not required None None Partial
The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format.
35 CVE-2012-6618 119 DoS Overflow 2013-12-24 2014-02-21
2.6
None Remote High Not required None None Partial
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient "frames to estimate rate."
36 CVE-2013-0348 264 +Info 2013-12-13 2018-10-30
2.1
None Local Low Not required Partial None None
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
37 CVE-2013-0844 189 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the adpcm_decode_frame function in libavcodec/adpcm.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via crafted DK4 data, which triggers an out-of-bounds array access.
38 CVE-2013-0845 119 Overflow 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write.
39 CVE-2013-0846 20 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in the qdm2_decode_super_block function in libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted QDM2 data, which triggers an out-of-bounds array access.
40 CVE-2013-0847 119 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via ID3v2 header data, which triggers an out-of-bounds array access.
41 CVE-2013-0848 119 Overflow 2013-12-07 2015-11-16
9.3
None Remote Medium Not required Complete Complete Complete
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted width in huffyuv data with the predictor set to median and the colorspace set to YUV422P, which triggers an out-of-bounds array access.
42 CVE-2013-0849 20 2013-12-07 2014-03-08
9.3
None Remote Medium Not required Complete Complete Complete
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data.
43 CVE-2013-0850 119 Overflow 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access.
44 CVE-2013-0851 119 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.
45 CVE-2013-0852 119 Overflow 2013-12-07 2015-11-16
9.3
None Remote Medium Not required Complete Complete Complete
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.
46 CVE-2013-0853 189 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted WavPack data, which triggers an out-of-bounds array access, possibly due to an off-by-one error.
47 CVE-2013-0854 20 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data.
48 CVE-2013-0855 189 Overflow 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-bounds array access.
49 CVE-2013-0856 20 2013-12-07 2013-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
50 CVE-2013-0857 20 2013-12-07 2014-01-28
9.3
None Remote Medium Not required Complete Complete Complete
The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted height value in IFF PBM/ILBM bitmap data.
Total number of vulnerabilities : 484   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.