Total: 243251 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2844 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution. | |||||
CVE-2013-4943 | 1 Siemens | 1 Comos | 2023-12-10 | 7.2 HIGH | N/A |
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. | |||||
CVE-2013-0249 | 2 Canonical, Haxx | 3 Ubuntu Linux, Curl, Libcurl | 2023-12-10 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. | |||||
CVE-2012-4582 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2023-12-10 | 4.9 MEDIUM | N/A |
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. | |||||
CVE-2012-1698 | 1 Sun | 1 Sunos | 2023-12-10 | 2.1 LOW | N/A |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD. | |||||
CVE-2013-4465 | 1 Simplemachines | 1 Simple Machines Forum | 2023-12-10 | 4.6 MEDIUM | N/A |
Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
CVE-2013-3199 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2013-0650 | 5 Adobe, Apple, Google and 2 more | 9 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 6 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-2921 | 1 Mark Pilgrim | 1 Feedparser | 2023-12-10 | 5.0 MEDIUM | N/A |
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document. | |||||
CVE-2011-2504 | 1 Xfree86 | 1 X11perf | 2023-12-10 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. | |||||
CVE-2013-6058 | 1 Apprain | 1 Apprain | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | |||||
CVE-2013-0663 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials. | |||||
CVE-2012-4486 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors. | |||||
CVE-2012-3365 | 1 Php | 1 Php | 2023-12-10 | 5.0 MEDIUM | N/A |
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||||
CVE-2013-6995 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | |||||
CVE-2013-2138 | 1 Menalto | 1 Gallery | 2023-12-10 | 7.5 HIGH | N/A |
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack. | |||||
CVE-2012-1733 | 1 Oracle | 1 Peoplesoft Products | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM. | |||||
CVE-2012-0066 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2023-12-10 | 4.3 MEDIUM | N/A |
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. | |||||
CVE-2013-0487 | 1 Ibm | 1 Lotus Domino | 2023-12-10 | 8.5 HIGH | N/A |
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | |||||
CVE-2013-2989 | 1 Ibm | 1 Sterling Connect | 2023-12-10 | 6.8 MEDIUM | N/A |
The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, 4.0.00, and 4.1.0 for UNIX on AIX 6.1 through 7.1 uses incorrect privileges, which allows local users to bypass filesystem read permissions and write permissions by leveraging authentication to the Connect:Direct product. |