Total
240427 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4944 | 1 Python | 1 Python | 2024-02-04 | 1.9 LOW | N/A |
| Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | |||||
| CVE-2012-1143 | 2 Freetype, Mozilla | 2 Freetype, Firefox Mobile | 2024-02-04 | 4.3 MEDIUM | N/A |
| FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. | |||||
| CVE-2011-5208 | 2 Backwpup, Wordpress | 2 Backwpup, Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the wpabs parameter to (1) app/options-view_log-iframe.php or (2) app/options-runnow-iframe.php. | |||||
| CVE-2010-5063 | 1 Vwar | 1 Virtual War | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter. | |||||
| CVE-2013-5781 | 1 Oracle | 4 Sparc T4-1, Sparc T4-1b, Sparc T4-4 and 1 more | 2024-02-04 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running Sun System Firmware before 8.3.0.b allows local users to affect confidentiality, integrity, and availability via vectors related to Sun System Firmware/Integrated Lights Out Manager (ILOM). | |||||
| CVE-2012-4350 | 1 Symantec | 1 Enterprise Security Manager | 2024-02-04 | 7.2 HIGH | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-5065 | 1 Vwar | 1 Virtual War | 2024-02-04 | 5.0 MEDIUM | N/A |
| popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action. | |||||
| CVE-2012-2091 | 2 Flightgear, Simgear | 2 Flightgear, Simgear | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx. | |||||
| CVE-2012-4024 | 1 Squashfs Project | 1 Squashfs | 2024-02-04 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source. | |||||
| CVE-2012-5891 | 1 Dalbum | 1 Dalbum | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action. | |||||
| CVE-2012-5691 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-04 | 9.3 HIGH | N/A |
| Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file. | |||||
| CVE-2013-2343 | 1 Hp | 3 Lefthand P4000 Virtual San Appliance, Lefthand Virtual San Appliance Hydra, Lefthand Virtual San Appliance Hydra Software | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510. | |||||
| CVE-2013-6329 | 1 Ibm | 3 Content Manager Ondemand For Multiplatforms, Global Security Kit, Security Access Manager For Web | 2024-02-04 | 7.8 HIGH | N/A |
| IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session. | |||||
| CVE-2013-3610 | 1 Asus | 2 Rt-n10e, Rt-n10e Firmware | 2024-02-04 | 6.1 MEDIUM | N/A |
| qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. | |||||
| CVE-2012-2259 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none. | |||||
| CVE-2012-6578 | 1 Bestpractical | 1 Request Tracker | 2024-02-04 | 4.3 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics. | |||||
| CVE-2011-4604 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 6.8 MEDIUM | N/A |
| The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet. | |||||
| CVE-2013-6054 | 1 Uclouvain | 1 Openjpeg | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and remote vectors, a different vulnerability than CVE-2013-6045. | |||||
| CVE-2012-5574 | 1 Sensiolabs | 1 Symfony | 2024-02-04 | 5.0 MEDIUM | N/A |
| lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | |||||
| CVE-2012-3963 | 5 Canonical, Mozilla, Opensuse and 2 more | 15 Ubuntu Linux, Firefox, Firefox Esr and 12 more | 2024-02-04 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||