Total
247013 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1445 | 1 Dlitz | 1 Pycrypto | 2023-12-10 | 4.3 MEDIUM | N/A |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. | |||||
CVE-2013-4786 | 2 Intel, Oracle | 2 Intelligent Platform Management Interface, Fujitsu M10 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. | |||||
CVE-2012-6354 | 1 Ibm | 2 San Volume Controller Software, Storwize V7000 | 2023-12-10 | 7.5 HIGH | N/A |
The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. | |||||
CVE-2013-2443 | 2 Oracle, Sun | 4 Jdk, Jre, Jdk and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class. | |||||
CVE-2013-4947 | 1 Sawmill | 1 Sawmill | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors. | |||||
CVE-2012-1132 | 2 Freetype, Mozilla | 2 Freetype, Firefox Mobile | 2023-12-10 | 9.3 HIGH | N/A |
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. | |||||
CVE-2013-0860 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | N/A |
The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. | |||||
CVE-2013-5413 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2023-12-10 | 4.3 MEDIUM | N/A |
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
CVE-2013-2031 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2023-12-10 | 4.3 MEDIUM | N/A |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox. | |||||
CVE-2012-3058 | 1 Cisco | 11 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Catalyst 6500 and 8 more | 2023-12-10 | 7.8 HIGH | N/A |
Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134. | |||||
CVE-2013-4729 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 5.5 MEDIUM | N/A |
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. | |||||
CVE-2013-2551 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. | |||||
CVE-2012-2730 | 2 Alexis Wilke, Drupal | 2 Protected Node, Drupal | 2023-12-10 | 7.5 HIGH | N/A |
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | |||||
CVE-2012-5945 | 1 Ibm | 1 Spss Samplepower | 2023-12-10 | 9.3 HIGH | N/A |
Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value. | |||||
CVE-2012-4028 | 1 Tridium | 1 Niagara Ax | 2023-12-10 | 7.8 HIGH | N/A |
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. | |||||
CVE-2013-1584 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 2.9 LOW | N/A |
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
CVE-2014-0617 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2023-12-10 | 7.1 HIGH | N/A |
Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet. | |||||
CVE-2013-3586 | 1 Samsung | 2 Dvr, Smart Viewer | 2023-12-10 | 7.6 HIGH | N/A |
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | |||||
CVE-2013-3673 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | N/A |
The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted GIF data. | |||||
CVE-2012-2784 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777. |