Vulnerabilities (CVE)

Total 243288 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4198 1 Mozilla 1 Bugzilla 2023-12-10 4.0 MEDIUM N/A
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error.
CVE-2012-6565 1 Vanderbilt 1 Redcap 2023-12-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels.
CVE-2012-3582 1 Symantec 1 Pgp Universal Server 2023-12-10 2.9 LOW N/A
Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session.
CVE-2012-1715 1 Oracle 1 E-business Suite 2023-12-10 4.3 MEDIUM N/A
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.
CVE-2012-6031 1 Xen 1 Xen 2023-12-10 4.7 MEDIUM N/A
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.
CVE-2012-4020 1 Mosp 1 Kintai Kanri 2023-12-10 4.0 MEDIUM N/A
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
CVE-2013-2098 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2099. Reason: This candidate is a duplicate of CVE-2013-2099. Notes: All CVE users should reference CVE-2013-2099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2013-1521 3 Mariadb, Oracle, Redhat 7 Mariadb, Mysql, Enterprise Linux Desktop and 4 more 2023-12-10 6.5 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
CVE-2012-5225 1 Eliteweaver 1 Xclick Cart 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.
CVE-2012-5864 1 Sinapsitech 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more 2023-12-10 10.0 HIGH N/A
The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.
CVE-2013-4419 3 Libguestfs, Novell, Suse 3 Libguestfs, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit 2023-12-10 6.8 MEDIUM N/A
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
CVE-2013-5805 1 Oracle 2 Jdk, Jre 2023-12-10 9.3 HIGH N/A
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806.
CVE-2013-7128 1 Valvesoftware 1 Steamos 2023-12-10 2.1 LOW N/A
Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file.
CVE-2013-2440 2 Oracle, Sun 4 Jdk, Jre, Jdk and 1 more 2023-12-10 10.0 HIGH N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
CVE-2011-4301 1 Moodle 1 Moodle 2023-12-10 5.0 MEDIUM N/A
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.
CVE-2013-5591 1 Mozilla 5 Firefox, Firefox Esr, Seamonkey and 2 more 2023-12-10 10.0 HIGH N/A
Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0177 1 Microsoft 3 Office, Works, Works 6-9 File Converter 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
CVE-2012-1030 1 Dotnetnuke 1 Dotnetnuke 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
CVE-2013-6745 1 Ibm 1 Security Access Manager For Enterprise Single Sign-on 2023-12-10 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
CVE-2013-3859 1 Microsoft 2 Office, Pinyin Ime 2023-12-10 6.9 MEDIUM N/A
Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability."