Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0401 | 1 Rsa | 1 Envision | 2017-12-06 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0402 | 1 Rsa | 1 Envision | 2017-12-06 | 9.3 HIGH | N/A |
| EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. | |||||
| CVE-2012-0403 | 1 Rsa | 1 Envision | 2017-12-06 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | |||||
| CVE-2012-1447 | 4 Aladdin, Drweb, Fortinet and 1 more | 4 Esafe, Dr.web Antivirus, Fortinet Antivirus and 1 more | 2017-12-06 | 4.3 MEDIUM | N/A |
| The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2012-1455 | 2 Eset, Rising-global | 2 Nod32 Antivirus, Rising Antivirus | 2017-12-06 | 4.3 MEDIUM | N/A |
| The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2012-1464 | 1 Netmechanica | 1 Netdecision | 2017-12-06 | 5.0 MEDIUM | N/A |
| Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1511 | 1 Vmware | 1 View | 2017-12-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2012-2514 | 1 Sap | 1 Netweaver | 2017-12-06 | 5.0 MEDIUM | N/A |
| The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2011-3097 | 1 Google | 1 Chrome | 2017-12-05 | 10.0 HIGH | N/A |
| The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions. | |||||
| CVE-2011-3099 | 1 Google | 1 Chrome | 2017-12-05 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding. | |||||
| CVE-2012-0297 | 1 Symantec | 1 Web Gateway | 2017-12-05 | 10.0 HIGH | N/A |
| The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data. | |||||
| CVE-2012-0298 | 1 Symantec | 1 Web Gateway | 2017-12-05 | 6.4 MEDIUM | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. | |||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2017-12-05 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2012-0649 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-12-05 | 6.9 MEDIUM | N/A |
| Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. | |||||
| CVE-2012-0651 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-12-05 | 5.0 MEDIUM | N/A |
| The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | |||||
| CVE-2012-0652 | 1 Apple | 1 Mac Os X | 2017-12-05 | 4.9 MEDIUM | N/A |
| Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. | |||||
| CVE-2012-0654 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-12-05 | 6.8 MEDIUM | N/A |
| libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. | |||||
| CVE-2012-0655 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-12-05 | 6.4 MEDIUM | N/A |
| libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. | |||||
| CVE-2012-0656 | 1 Apple | 1 Mac Os X | 2017-12-05 | 6.9 MEDIUM | N/A |
| Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password. | |||||
| CVE-2012-0661 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-12-05 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. | |||||
| CVE-2012-0665 | 1 Apple | 1 Quicktime | 2017-12-05 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | |||||
| CVE-2012-0676 | 1 Apple | 1 Safari | 2017-12-05 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. | |||||
| CVE-2012-0778 | 1 Adobe | 3 Flash Cs3, Flash Cs4, Flash Cs5.5 | 2017-12-05 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0780 | 1 Adobe | 2 Illustrator, Illustrator Cs5.5 | 2017-12-05 | 10.0 HIGH | N/A |
| Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. | |||||
| CVE-2012-0840 | 1 Apache | 1 Portable Runtime | 2017-12-05 | 5.0 MEDIUM | N/A |
| tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2012-1246 | 1 Webcreate | 1 Web Mart | 2017-12-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | |||||
| CVE-2012-1247 | 1 Webcreate | 1 Web Mart | 2017-12-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions. | |||||
| CVE-2012-2010 | 1 Hp | 1 Openvms | 2017-12-05 | 6.9 MEDIUM | N/A |
| The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2012-2271 | 1 Skincrafter | 1 Skincrafter | 2017-12-05 | 10.0 HIGH | N/A |
| Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument). | |||||
| CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2017-12-04 | 1.9 LOW | N/A |
| The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | |||||
| CVE-2006-2356 | 1 Ipswitch | 1 Whatsup Professional | 2017-12-04 | 5.0 MEDIUM | N/A |
| NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | |||||
| CVE-2017-17082 | 2017-12-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2012-0987 | 1 Impresscms | 1 Impresscms | 2017-12-01 | 6.0 MEDIUM | N/A |
| Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPlugins[sanitizer_plugins][] parameter. | |||||
| CVE-2012-3135 | 1 Oracle | 1 Fusion Middleware | 2017-12-01 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2012-3365 | 1 Php | 1 Php | 2017-12-01 | 5.0 MEDIUM | N/A |
| The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||||
| CVE-2012-3374 | 1 Pidgin | 1 Pidgin | 2017-12-01 | 7.5 HIGH | N/A |
| Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | |||||
| CVE-2012-3999 | 1 Sayakbanerjee | 1 Sticky Notes | 2017-12-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2014-5606 | 1 Disney | 1 Where\'s My Perry\? Free | 2017-11-30 | 5.4 MEDIUM | N/A |
| The Where's My Perry? Free (aka com.disney.WMPLite) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5607 | 1 Disney | 1 Where\'s My Water\? Free | 2017-11-30 | 5.4 MEDIUM | N/A |
| The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-4876 | 1 Mblogger Project | 1 Mblogger | 2017-11-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter. | |||||
| CVE-2002-1859 | 1 Orionserver | 1 Orion Application Server | 2017-11-30 | 5.0 MEDIUM | N/A |
| Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). | |||||
| CVE-2005-2981 | 1 Orionserver | 1 Orion Application Server | 2017-11-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
| CVE-2014-6006 | 1 Gratta \& Vinci\? Project | 1 Gratta \& Vinci\? | 2017-11-30 | 5.4 MEDIUM | N/A |
| The Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application 0.21.13167.93474 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-0023 | 1 Videolan | 1 Vlc Media Player | 2017-11-30 | 9.3 HIGH | N/A |
| Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file. | |||||
| CVE-2012-0025 | 1 Irfanview | 1 Flashpix Plugin | 2017-11-30 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. | |||||
| CVE-2012-4496 | 2 Drupal, Inclind | 2 Drupal, Custom Pub | 2017-11-30 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. | |||||
| CVE-2012-5581 | 1 Libtiff | 1 Libtiff | 2017-11-30 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image. | |||||
| CVE-2013-2616 | 1 Rubygems | 1 Mini Magick | 2017-11-30 | 7.5 HIGH | N/A |
| lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2015-3193 | 1 Openssl | 1 Openssl | 2017-11-30 | 5.0 MEDIUM | N/A |
| The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. | |||||
| CVE-2012-4497 | 2 Devsaran, Drupal | 2 Elegant Theme, Drupal | 2017-11-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. | |||||