Total
246945 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1335 | 1 Cisco | 1 Webex Recording Format Player | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337. | |||||
CVE-2012-5255 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22. | |||||
CVE-2012-0106 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. | |||||
CVE-2011-4612 | 1 Xiph | 1 Icecast | 2023-12-10 | 5.0 MEDIUM | N/A |
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL. | |||||
CVE-2011-3084 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Google Chrome before 19.0.1084.46 does not use a dedicated process for the loading of links found on an internal page, which might allow attackers to bypass intended sandbox restrictions via a crafted page. | |||||
CVE-2013-3154 | 1 Microsoft | 3 Windows 7, Windows Defender, Windows Server 2008 | 2023-12-10 | 6.9 MEDIUM | N/A |
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability." | |||||
CVE-2013-0138 | 1 Bitberry Software | 1 Bitzipper | 2023-12-10 | 9.3 HIGH | N/A |
BitZipper 2013 before Update 1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ZIP archive. | |||||
CVE-2013-1535 | 1 Oracle | 1 Financial Services Software | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect confidentiality via vectors related to BASE. | |||||
CVE-2012-3747 | 1 Apple | 1 Iphone Os | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
CVE-2013-3962 | 1 Grandstream | 11 Gxv3500, Gxv3501, Gxv3504 and 8 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
CVE-2013-2346 | 1 Hp | 1 Storage Data Protector | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. | |||||
CVE-2013-5056 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library." | |||||
CVE-2013-6009 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet. | |||||
CVE-2013-0841 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2011-4231 | 1 Cisco | 2 Ios, Ios Xe | 2023-12-10 | 6.3 MEDIUM | N/A |
Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hub with X.509 certificates in use, allows remote authenticated users to cause a denial of service (segmentation fault and device crash) via unspecified vectors, aka Bug ID CSCtq61128. | |||||
CVE-2011-5133 | 1 Mybb | 1 Mybb | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list." | |||||
CVE-2013-1681 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2013-2859 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | |||||
CVE-2013-3633 | 1 Siemens | 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more | 2023-12-10 | 8.0 HIGH | N/A |
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account. | |||||
CVE-2012-5112 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors. |