Total: 250918 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4096 | 1 Cisco | 1 Unified Computing System | 2023-12-10 | 6.2 MEDIUM | N/A |
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574. | |||||
CVE-2012-4496 | 2 Drupal, Inclind | 2 Drupal, Custom Pub | 2023-12-10 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. | |||||
CVE-2013-3911 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2013-2895 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 5.4 MEDIUM | N/A |
drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device. | |||||
CVE-2013-3435 | 1 Cisco | 2 Unified Ip Conference Station 7937g, Unified Ip Conference Station 7937g Firmware | 2023-12-10 | 5.0 MEDIUM | N/A |
The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052. | |||||
CVE-2013-1504 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390. | |||||
CVE-2013-1290 | 1 Microsoft | 1 Sharepoint Server | 2023-12-10 | 3.5 LOW | N/A |
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability." | |||||
CVE-2013-1876 | | | 2023-12-10 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2615. Reason: This candidate is a duplicate of CVE-2013-2615. Notes: All CVE users should reference CVE-2013-2615 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2012-1800 | 1 Siemens | 4 Scalance S602, Scalance S612, Scalance S613 and 1 more | 2023-12-10 | 6.1 MEDIUM | N/A |
Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. | |||||
CVE-2013-5418 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2012-0835 | 1 Joomla | 1 Joomla! | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." | |||||
CVE-2013-2785 | 1 Ge | 2 Intelligent Platforms Proficy Hmi/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2023-12-10 | 9.3 HIGH | N/A |
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. | |||||
CVE-2012-4250 | 1 Samsung | 1 Net-i Viewer | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument. | |||||
CVE-2013-1047 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
CVE-2012-5808 | 2 Firstdata, Zen-cart | 2 Linkpoint, Zen Cart | 2023-12-10 | 5.8 MEDIUM | N/A |
The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-1802 | 1 Dan Kubb | 1 Extlib | 2023-12-10 | 7.5 HIGH | N/A |
The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | |||||
CVE-2012-2731 | 2 Drupal, Richardo Ante | 2 Drupal, Ubercart Ajax Cart | 2023-12-10 | 2.6 LOW | N/A |
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. | |||||
CVE-2012-5002 | 1 Ricoh | 2 Dl-10, Sr10 Ftp Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command. | |||||
CVE-2012-6524 | 1 Powie | 1 Pgb | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2013-1553 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Services Security. |