Total
246866 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4210 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. | |||||
CVE-2013-0947 | 1 Rsa | 1 Authentication Manager | 2023-12-10 | 2.1 LOW | N/A |
EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file. | |||||
CVE-2012-5480 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.4 MEDIUM | N/A |
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | |||||
CVE-2013-4393 | 1 Systemd Project | 1 Systemd | 2023-12-10 | 2.1 LOW | N/A |
journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor. | |||||
CVE-2013-5866 | 1 Oracle | 1 Sunos | 2023-12-10 | 5.2 MEDIUM | N/A |
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |||||
CVE-2013-3219 | 1 Bitcoin | 1 Bitcoin Core | 2023-12-10 | 5.0 MEDIUM | N/A |
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product versions. | |||||
CVE-2011-4358 | 1 Oracle | 1 Sun Glassfish Enterprise Server | 2023-12-10 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF. | |||||
CVE-2012-5665 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.3 MEDIUM | N/A |
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. | |||||
CVE-2012-1238 | 1 Icz | 1 Sencha Sns | 2023-12-10 | 4.3 MEDIUM | N/A |
Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2013-5039 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2023-12-10 | 5.4 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. | |||||
CVE-2013-1680 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
CVE-2012-5587 | 2 Drupal, Epiqo | 2 Drupal, Email | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. | |||||
CVE-2012-3843 | 1 E107 | 1 E107 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-5127 | 1 Apple | 1 Iphone Os | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
CVE-2012-6599 | 1 Paloaltonetworks | 1 Pan-os | 2023-12-10 | 9.0 HIGH | N/A |
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476. | |||||
CVE-2013-5543 | 1 Cisco | 7 Asr 1001, Asr 1002, Asr 1002-x and 4 more | 2023-12-10 | 7.8 HIGH | N/A |
Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devices allows remote attackers to cause a denial of service (device reload) via malformed ICMP error packets associated with a (1) TCP or (2) UDP session that is under inspection by the Zone-Based Firewall (ZBFW) component, aka Bug ID CSCtt26470. | |||||
CVE-2011-2578 | 1 Cisco | 1 Ios | 2023-12-10 | 7.8 HIGH | N/A |
Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption) via malformed SIP packets on a NAT interface, aka Bug ID CSCts12366. | |||||
CVE-2012-4255 | 1 Mysqldumper | 1 Mysqldumper | 2023-12-10 | 4.3 MEDIUM | N/A |
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. | |||||
CVE-2012-4348 | 1 Symantec | 1 Endpoint Protection | 2023-12-10 | 7.2 HIGH | N/A |
The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-1836 | 1 Inspircd | 1 Inspircd | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression. |