Total
248795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3201 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209. | |||||
| CVE-2013-6193 | 1 Hp | 25 Color Laserjet Cm1312nfi Multifunction Printer, Color Laserjet Cm2320n Multifunction Printer, Color Laserjet Cp1515 and 22 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2012-3159 | 2 Oracle, Sun | 4 Jdk, Jre, Jdk and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. | |||||
| CVE-2011-4316 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-12-10 | 3.7 LOW | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. | |||||
| CVE-2012-5213 | 1 Hp | 2 Intelligent Management Center, Intelligent Management Center For Automated Network Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1662. | |||||
| CVE-2013-5691 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 6.9 MEDIUM | N/A |
| The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application. | |||||
| CVE-2012-2759 | 2 Netweblogic, Wordpress | 2 Login With Ajax, Wordpress | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php. | |||||
| CVE-2012-4257 | 1 George Karpouzas | 1 Yet Another Question \& Answer System | 2023-12-10 | 5.0 MEDIUM | N/A |
| Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message. | |||||
| CVE-2013-6703 | 1 Cisco | 1 Ons 15454 | 2023-12-10 | 7.1 HIGH | N/A |
| The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787. | |||||
| CVE-2013-5738 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.3 MEDIUM | N/A |
| The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file. | |||||
| CVE-2012-4196 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2023-12-10 | 6.4 MEDIUM | N/A |
| Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | |||||
| CVE-2011-4969 | 1 Jquery | 1 Jquery | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. | |||||
| CVE-2013-1278 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
| Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279. | |||||
| CVE-2012-3419 | 1 Sgi | 1 Performance Co-pilot | 2023-12-10 | 5.0 MEDIUM | N/A |
| Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | |||||
| CVE-2013-7069 | 1 Beyondgrep | 1 Ack | 2023-12-10 | 6.8 MEDIUM | N/A |
| ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched. | |||||
| CVE-2010-5239 | 1 Daemon-tools | 1 Daemon Tools | 2023-12-10 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 and Pro Standard 4.36.0309.0160 allows local users to gain privileges via a Trojan horse mfc80loc.dll file in the current working directory, as demonstrated by a directory that contains a .mds file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-6833 | 1 Freebsd | 1 Freebsd | 2023-12-10 | 4.9 MEDIUM | N/A |
| The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call. | |||||
| CVE-2013-2395 | 1 Oracle | 1 Mysql | 2023-12-10 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567. | |||||
| CVE-2012-1414 | 1 Plume-cms | 1 Plume Cms | 2023-12-10 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action. | |||||
| CVE-2013-1796 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 6.8 MEDIUM | N/A |
| The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. | |||||