Total
247242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0406 | 1 Sun | 1 Sunos | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec. | |||||
CVE-2012-3680 | 1 Apple | 1 Safari | 2023-12-10 | 9.3 HIGH | N/A |
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | |||||
CVE-2012-2640 | 2 Google, Yomecolle | 2 Android, Nec Biglobe Yome Collection | 2023-12-10 | 5.0 MEDIUM | N/A |
The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. | |||||
CVE-2012-3697 | 1 Apple | 1 Safari | 2023-12-10 | 7.1 HIGH | N/A |
WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. | |||||
CVE-2013-0673 | 1 Matrikonopc | 1 Matrikonopc A\&e Historian | 2023-12-10 | 9.4 HIGH | N/A |
Directory traversal vulnerability in the web interface in the Health Monitor service in MatrikonOPC A&E Historian 1.0.0.0 allows remote attackers to read and delete arbitrary files via a crafted URL. | |||||
CVE-2012-6075 | 7 Canonical, Debian, Fedoraproject and 4 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. | |||||
CVE-2013-5387 | 1 Ibm | 1 Platform Symphony | 2023-12-10 | 4.3 MEDIUM | N/A |
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request data. | |||||
CVE-2012-5149 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2013-1225 | 1 Cisco | 1 Unified Customer Voice Portal | 2023-12-10 | 7.8 HIGH | N/A |
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366. | |||||
CVE-2013-6814 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.8 MEDIUM | N/A |
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | |||||
CVE-2012-1576 | 1 Atheme | 1 Atheme | 2023-12-10 | 6.0 MEDIUM | N/A |
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user. | |||||
CVE-2013-6164 | 1 Projeqtor | 1 Projeqtor | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter. | |||||
CVE-2012-2025 | 1 Adobe | 2 Illustrator, Illustrator Cs5.5 | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026. | |||||
CVE-2013-2003 | 1 X | 1 Libxcursor | 2023-12-10 | 6.8 MEDIUM | N/A |
Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function. | |||||
CVE-2012-0071 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093. | |||||
CVE-2013-6243 | 1 Landing Pages Project | 1 Landing Pages Plugin | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php. | |||||
CVE-2013-7232 | 1 Esri | 1 Arcgis | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | |||||
CVE-2012-3958 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2011-5188 | 2 Drupal, Tag1consulting | 2 Drupal, Support Timer | 2023-12-10 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-0805 | 1 Sqlalchemy | 1 Sqlalchemy | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. |