Total
248792 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1496 | 1 Sun | 1 Sunos | 2023-12-10 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498. | |||||
CVE-2012-3633 | 1 Apple | 1 Safari | 2023-12-10 | 9.3 HIGH | N/A |
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. | |||||
CVE-2012-1677 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. | |||||
CVE-2013-2482 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2023-12-10 | 6.1 MEDIUM | N/A |
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. | |||||
CVE-2012-0511 | 1 Oracle | 1 Database Server | 2023-12-10 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2012-2109 | 2 Buddypress, Wordpress | 2 Buddypress, Wordpress | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. | |||||
CVE-2013-0925 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors. | |||||
CVE-2012-4532 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl/default.php in the Language Switcher module for Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-6285 | 1 Tylertech | 1 Taxweb | 2023-12-10 | 5.0 MEDIUM | N/A |
The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020. | |||||
CVE-2013-4382 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5937. Reason: This candidate is a duplicate of CVE-2013-5937. Notes: All CVE users should reference CVE-2013-5937 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2012-3224 | 1 Oracle | 1 Financial Services Software | 2023-12-10 | 3.5 LOW | N/A |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE. | |||||
CVE-2012-2812 | 1 Libexif Project | 1 Libexif | 2023-12-10 | 6.4 MEDIUM | N/A |
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. | |||||
CVE-2011-5189 | 2 Drupal, Svendecabooter | 2 Drupal, Webform Validation | 2023-12-10 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4296 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Libvirt | 2023-12-10 | 4.0 MEDIUM | N/A |
The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call. | |||||
CVE-2013-5601 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. | |||||
CVE-2012-4579 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. | |||||
CVE-2012-2122 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2023-12-10 | 5.1 MEDIUM | N/A |
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. | |||||
CVE-2013-3201 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209. | |||||
CVE-2013-6193 | 1 Hp | 25 Color Laserjet Cm1312nfi Multifunction Printer, Color Laserjet Cm2320n Multifunction Printer, Color Laserjet Cp1515 and 22 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors. | |||||
CVE-2012-3159 | 2 Oracle, Sun | 4 Jdk, Jre, Jdk and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. |