CVE-2013-3463 (adaptive_security_appliance, adaptive_security_appliance_software)

The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899.

Source: CVE-2013-3463 (adaptive_security_appliance, adaptive_security_appliance_software)

CVE-2013-3467 (unified_computing_system_6120xp_fabric_interconnect, unified_computing_system_6140xp_fabric_interconnect)

Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of service (memory consumption and device reset) via a (1) "show monitor session all" or (2) "show monitor session" command, aka Bug ID CSCug20103.

Source: CVE-2013-3467 (unified_computing_system_6120xp_fabric_interconnect, unified_computing_system_6140xp_fabric_interconnect)

CVE-2013-3461 (unified_communications_manager)

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.

Source: CVE-2013-3461 (unified_communications_manager)

CVE-2013-2901 (chrome, debian_linux)

Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Source: CVE-2013-2901 (chrome, debian_linux)

CVE-2013-2903 (chrome, debian_linux)

Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents.

Source: CVE-2013-2903 (chrome, debian_linux)

CVE-2013-2902 (chrome, debian_linux)

Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.

Source: CVE-2013-2902 (chrome, debian_linux)

CVE-2013-2900 (chrome, debian_linux)

The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name.

Source: CVE-2013-2900 (chrome, debian_linux)