Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2013-08-28 CVE-2013-2211 Permissions, Privileges, and Access Controls vulnerability in Xen
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
7.4
2013-08-28 CVE-2013-2176 Resource Management Errors vulnerability in Red Hat Enterprise Virtualization 3.0/3.2
Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privileges via a Trojan horse application.
local
low complexity
redhat CWE-399
7.2
2013-08-28 CVE-2013-2077 Permissions, Privileges, and Access Controls vulnerability in Xen
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of an XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.
5.2
2013-08-28 CVE-2013-2072 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.
7.4
2013-08-28 CVE-2013-1432 Resource Management Errors vulnerability in Xen
Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (premature page free and hypervisor crash) or possibly gain privileges via unspecified vectors.
7.4
2013-08-28 CVE-2013-4039 Information Exposure vulnerability in IBM WebSphere Extended Deployment Compute Grid
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via unspecified vectors.
network
low complexity
ibm CWE-200
4.0
2013-08-28 CVE-2013-4033 Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Connect
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.
network
high complexity
ibm CWE-264
4.6
2013-08-28 CVE-2013-3582 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell products
Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.
network
high complexity
dell CWE-119
7.6
2013-08-28 CVE-2013-3271 Credentials Management vulnerability in EMC RSA Authentication Agent 7.0.0/7.0.1/7.0.2
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack.
network
low complexity
emc CWE-255
5.0
2013-08-28 CVE-2013-3077 Numeric Errors vulnerability in FreeBSD
Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.
local
low complexity
freebsd CWE-189
7.2