Total
250741 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1568 | 4 Apple, Google, Microsoft and 1 more | 9 Mac Os X, Chrome, Chrome Os and 6 more | 2023-12-10 | 7.5 HIGH | N/A |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | |||||
CVE-2012-5317 | 1 Bigware | 1 Bigware Shop | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. | |||||
CVE-2013-2784 | 1 Triplc | 2 Nano-10 Plc, Nano-10 Plc Firmware | 2023-12-10 | 7.8 HIGH | N/A |
Triangle Research International (aka Tri) Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service (networking outage) via a crafted packet to TCP port 502. | |||||
CVE-2012-3842 | 1 Jbmc-software | 1 Directadmin | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters. | |||||
CVE-2012-3459 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2023-12-10 | 4.9 MEDIUM | N/A |
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor. | |||||
CVE-2012-4884 | 1 Bestpractical | 1 Rt | 2023-12-10 | 5.0 MEDIUM | N/A |
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client. | |||||
CVE-2012-2824 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. | |||||
CVE-2012-2803 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2023-12-10 | 10.0 HIGH | N/A |
Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value. | |||||
CVE-2011-3363 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share. | |||||
CVE-2013-5865 | 1 Oracle | 1 Sunos | 2023-12-10 | 1.7 LOW | N/A |
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration. | |||||
CVE-2012-5532 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | N/A |
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. | |||||
CVE-2012-2179 | 1 Ibm | 1 Aix | 2023-12-10 | 6.9 MEDIUM | N/A |
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2013-1234 | 1 Cisco | 1 Ios Xr | 2023-12-10 | 4.0 MEDIUM | N/A |
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. | |||||
CVE-2012-6607 | 1 Augeas | 1 Augeas | 2023-12-10 | 3.3 LOW | N/A |
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786. | |||||
CVE-2013-2361 | 1 Hp | 1 System Management Homepage | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-5186 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | N/A |
Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | |||||
CVE-2012-1844 | 3 Dell, Ibm, Quantum | 9 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 6 more | 2023-12-10 | 7.5 HIGH | N/A |
The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. | |||||
CVE-2012-2750 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility. | |||||
CVE-2012-1828 | 1 Efstechnology | 1 Autoform Pdm Archive | 2023-12-10 | 6.5 MEDIUM | N/A |
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function. | |||||
CVE-2013-0231 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2023-12-10 | 4.9 MEDIUM | N/A |
The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information. |