| 2013-07-20 | CVE-2013-2070 | http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. | 5.8 |
| 2013-07-17 | CVE-2013-3804 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
| 2013-07-17 | CVE-2013-3802 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. | 4.0 |
| 2013-07-17 | CVE-2013-3793 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | 4.0 |
| 2013-07-17 | CVE-2013-3783 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. | 4.0 |
| 2013-06-15 | CVE-2013-2064 | Numeric Errors vulnerability in multiple products
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | 6.8 |
| 2013-06-09 | CVE-2013-4082 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. | 5.0 |
| 2013-06-09 | CVE-2013-4081 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. | 5.0 |
| 2013-06-09 | CVE-2013-4078 | Improper Input Validation vulnerability in multiple products
epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | 5.0 |
| 2013-06-09 | CVE-2013-4077 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. | 5.0 |