Total
248503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4144 | 4 Apple, Linux, Microsoft and 1 more | 4 Mac Os X, Linux Kernel, Windows and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. | |||||
| CVE-2013-1875 | 1 Rubygems | 1 Command Wrap | 2023-12-10 | 7.5 HIGH | N/A |
| command_wrap.rb in the command_wrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename. | |||||
| CVE-2013-5099 | 1 Anchor | 1 Anchor Cms | 2023-12-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php. | |||||
| CVE-2013-3120 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125. | |||||
| CVE-2012-3445 | 1 Redhat | 1 Libvirt | 2023-12-10 | 3.5 LOW | N/A |
| The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. | |||||
| CVE-2012-4685 | 1 Arbornetworks | 1 Peakflow Sp | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index. | |||||
| CVE-2013-0022 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." | |||||
| CVE-2013-1501 | 1 Oracle | 1 E-business Suite | 2023-12-10 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login. | |||||
| CVE-2013-2001 | 1 X | 1 Libxxf86vm | 2023-12-10 | 6.8 MEDIUM | N/A |
| Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function. | |||||
| CVE-2013-0810 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability." | |||||
| CVE-2013-2976 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 1.9 LOW | N/A |
| The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-2686 | 1 Openssl | 1 Openssl | 2023-12-10 | 5.0 MEDIUM | N/A |
| crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data. | |||||
| CVE-2013-0391 | 1 Oracle | 1 Peoplesoft Products | 2023-12-10 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security. | |||||
| CVE-2013-4959 | 1 Puppet | 1 Puppet Enterprise | 2023-12-10 | 2.1 LOW | N/A |
| Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache. | |||||
| CVE-2012-4056 | 1 Uiga | 1 Personal Portal | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2012-1452 | 3 Cat, Emsisoft, Ikarus | 3 Quick Heal, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner | 2023-12-10 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2012-1340 | 1 Cisco | 2 Mds 9000, Mds 9000 Nx-os | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151. | |||||
| CVE-2013-1670 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
| The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
| CVE-2011-2502 | 1 Systemtap | 1 Systemtap | 2023-12-10 | 4.4 MEDIUM | N/A |
| runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a module path is specified by a user for user-space probing, which allows local users in the stapusr group to gain privileges via a crafted module in the search path in the -u argument. | |||||
| CVE-2013-4832 | 1 Hp | 1 Service Manager | 2023-12-10 | 4.0 MEDIUM | N/A |
| HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||