Vulnerabilities (CVE)

Total 243251 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2844 1 Google 1 Chrome 2023-12-10 7.5 HIGH N/A
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.
CVE-2013-4943 1 Siemens 1 Comos 2023-12-10 7.2 HIGH N/A
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.
CVE-2013-0249 2 Canonical, Haxx 3 Ubuntu Linux, Curl, Libcurl 2023-12-10 7.5 HIGH N/A
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.
CVE-2012-4582 1 Mcafee 2 Email And Web Security, Email Gateway 2023-12-10 4.9 MEDIUM N/A
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.
CVE-2012-1698 1 Sun 1 Sunos 2023-12-10 2.1 LOW N/A
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD.
CVE-2013-4465 1 Simplemachines 1 Simple Machines Forum 2023-12-10 4.6 MEDIUM N/A
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2013-3199 1 Microsoft 1 Internet Explorer 2023-12-10 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2013-0650 5 Adobe, Apple, Google and 2 more 9 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 6 more 2023-12-10 10.0 HIGH N/A
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-2921 1 Mark Pilgrim 1 Feedparser 2023-12-10 5.0 MEDIUM N/A
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
CVE-2011-2504 1 Xfree86 1 X11perf 2023-12-10 6.9 MEDIUM N/A
Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory.
CVE-2013-6058 1 Apprain 1 Apprain 2023-12-10 7.5 HIGH N/A
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
CVE-2013-0663 1 Schneider-electric 3 Modicon M340, Modicon Premium, Modicon Quantum Plc 2023-12-10 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
CVE-2012-4486 2 Boombatower, Drupal 2 Subuser, Drupal 2023-12-10 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors.
CVE-2012-3365 1 Php 1 Php 2023-12-10 5.0 MEDIUM N/A
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
CVE-2013-6995 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVE-2013-2138 1 Menalto 1 Gallery 2023-12-10 7.5 HIGH N/A
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.
CVE-2012-1733 1 Oracle 1 Peoplesoft Products 2023-12-10 3.5 LOW N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM.
CVE-2012-0066 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2023-12-10 4.3 MEDIUM N/A
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file.
CVE-2013-0487 1 Ibm 1 Lotus Domino 2023-12-10 8.5 HIGH N/A
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
CVE-2013-2989 1 Ibm 1 Sterling Connect 2023-12-10 6.8 MEDIUM N/A
The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product.