Total: 240435 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2133 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.0 MEDIUM | N/A |
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. | |||||
CVE-2012-1756 | 1 Oracle | 1 Mysql | 2024-02-04 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | |||||
CVE-2011-1390 | 1 Ibm | 1 Rational Clearquest | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature. | |||||
CVE-2013-6197 | 1 Hp | 3 Service Manager, Service Manager Web Client, Service Manager Web Tier | 2024-02-04 | 5.2 MEDIUM | N/A |
Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||||
CVE-2011-5143 | 1 Obm | 1 Open Business Management | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2012-4116 | 1 Cisco | 1 Unified Computing System | 2024-02-04 | 4.3 MEDIUM | N/A |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. | |||||
CVE-2013-5967 | 1 Alienvault | 1 Open Source Security Information Management | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/. | |||||
CVE-2012-4391 | 1 Owncloud | 1 Owncloud | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. | |||||
CVE-2012-6357 | 1 Ibm | 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk | 2024-02-04 | 6.5 MEDIUM | N/A |
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors. | |||||
CVE-2013-5694 | 1 Opsview | 1 Opsview | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter. | |||||
CVE-2011-5115 | 1 Dlguard | 1 Dlguard | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php. | |||||
CVE-2012-4729 | 1 Wftpserver | 1 Wing Ftp Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands. | |||||
CVE-2011-4355 | 1 Gnu | 1 Gdb | 2024-02-04 | 6.9 MEDIUM | N/A |
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. | |||||
CVE-2012-2812 | 1 Libexif Project | 1 Libexif | 2024-02-04 | 6.4 MEDIUM | N/A |
The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. | |||||
CVE-2013-5314 | 1 S9y | 1 Serendipity | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter. | |||||
CVE-2013-1855 | 2 Redhat, Rubyonrails | 3 Enterprise Linux, Rails, Ruby On Rails | 2024-02-04 | 4.3 MEDIUM | N/A |
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. | |||||
CVE-2010-5209 | 1 Nuance | 1 Pdf Reader | 2024-02-04 | 6.9 MEDIUM | N/A |
Multiple untrusted search path vulnerabilities in Nuance PDF Reader 6.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) exceptiondumpdll.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-5784 | 2 Apache, Paypal | 5 Activemq, Axis, Mass Pay and 2 more | 2024-02-04 | 5.8 MEDIUM | N/A |
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-6050 | 1 Mikrotik | 1 Routeros | 2024-02-04 | 6.4 MEDIUM | N/A |
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | |||||
CVE-2011-2693 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 1.9 LOW | N/A |
The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors. |