Total: 10043 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3572 | 2 Nurul Hidayah Hamazulan, Oscc | 2 Mymesyuarat, Mymeeting | 2024-02-04 | 6.0 MEDIUM | N/A |
Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. | |||||
CVE-2012-2118 | 1 X.org | 1 X11 | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. | |||||
CVE-2013-3860 | 1 Microsoft | 1 .net Framework | 2024-02-04 | 7.8 HIGH | N/A |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML document, aka "Entity Expansion Vulnerability." | |||||
CVE-2013-1828 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 6.9 MEDIUM | N/A |
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call. | |||||
CVE-2012-2705 | 2 Christopher Mitchell, Drupal | 2 Smart Breadcrumb, Drupal | 2024-02-04 | 2.1 LOW | N/A |
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. | |||||
CVE-2013-5470 | 1 Cisco | 1 Secure Access Control System | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | |||||
CVE-2013-1629 | 1 Pypa | 1 Pip | 2024-02-04 | 6.8 MEDIUM | N/A |
pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation. | |||||
CVE-2013-2787 | 1 Alstom | 1 E-terracontrol | 2024-02-04 | 7.8 HIGH | N/A |
Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets. | |||||
CVE-2013-4339 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 7.5 HIGH | N/A |
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. | |||||
CVE-2013-3634 | 1 Siemens | 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more | 2024-02-04 | 7.5 HIGH | N/A |
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials. | |||||
CVE-2013-6700 | 1 Cisco | 1 Ios Xr | 2024-02-04 | 5.0 MEDIUM | N/A |
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. | |||||
CVE-2013-4096 | 1 Ds3 | 1 Authentication Server | 2024-02-04 | 9.0 HIGH | N/A |
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field. | |||||
CVE-2013-5526 | 1 Cisco | 2 Unified Ip Phone 9951, Unified Ip Phone 9971 | 2024-02-04 | 7.1 HIGH | N/A |
Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698. | |||||
CVE-2013-6336 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | N/A |
The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2012-4102 | 1 Cisco | 1 Unified Computing System | 2024-02-04 | 6.8 MEDIUM | N/A |
The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600. | |||||
CVE-2013-6015 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. | |||||
CVE-2012-6499 | 2 Age Verification Project, Wordpress | 2 Age Verification, Wordpress | 2024-02-04 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. | |||||
CVE-2012-5646 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-02-04 | 7.5 HIGH | N/A |
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO. | |||||
CVE-2013-4788 | 1 Gnu | 2 Eglibc, Glibc | 2024-02-04 | 5.1 MEDIUM | N/A |
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | |||||
CVE-2013-3512 | 1 Gwos | 1 Groundwork Monitor | 2024-02-04 | 6.5 MEDIUM | N/A |
The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspecified vectors, as demonstrated by reading credentials. |