Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0160 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 2.1 LOW | N/A |
| The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. | |||||
| CVE-2013-1979 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 6.9 MEDIUM | N/A |
| The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. | |||||
| CVE-2013-3009 | 1 Ibm | 1 Java | 2017-11-29 | 9.3 HIGH | N/A |
| The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block. | |||||
| CVE-2013-3011 | 1 Ibm | 1 Java | 2017-11-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012. | |||||
| CVE-2013-3012 | 1 Ibm | 1 Java | 2017-11-29 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011. | |||||
| CVE-2013-3076 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. | |||||
| CVE-2013-3222 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3223 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3224 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3225 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3227 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3228 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3229 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3231 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.7 MEDIUM | N/A |
| The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3232 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3234 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3235 | 1 Linux | 1 Linux Kernel | 2017-11-29 | 4.9 MEDIUM | N/A |
| net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. | |||||
| CVE-2013-3436 | 1 Cisco | 1 Ios | 2017-11-29 | 5.0 MEDIUM | N/A |
| The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. | |||||
| CVE-2013-3445 | 1 Cisco | 1 Identity Services Engine | 2017-11-29 | 5.0 MEDIUM | N/A |
| The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572. | |||||
| CVE-2013-3656 | 1 Cybozu | 1 Cybozu Office | 2017-11-29 | 5.8 MEDIUM | N/A |
| Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | |||||
| CVE-2013-4674 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2017-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment. | |||||
| CVE-2013-6959 | 1 Cisco | 1 Webex Sales Center | 2017-11-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul25557. | |||||
| CVE-2013-6960 | 1 Cisco | 1 Webex Meeting Center | 2017-11-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. | |||||
| CVE-2013-6961 | 1 Cisco | 1 Webex Meeting Center | 2017-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237. | |||||
| CVE-2013-6962 | 1 Cisco | 1 Webex Meeting Center | 2017-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228. | |||||
| CVE-2013-6963 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207. | |||||
| CVE-2013-6964 | 1 Cisco | 1 Webex Meeting Center | 2017-11-29 | 3.5 LOW | N/A |
| Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. | |||||
| CVE-2013-6965 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 5.0 MEDIUM | N/A |
| The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. | |||||
| CVE-2013-6966 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36031. | |||||
| CVE-2013-6967 | 1 Cisco | 1 Webex Sales Center | 2017-11-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the mobile-browser subsystem in Cisco WebEx Sales Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul36020. | |||||
| CVE-2013-6968 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 5.0 MEDIUM | N/A |
| Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003. | |||||
| CVE-2013-6969 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 4.3 MEDIUM | N/A |
| The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. | |||||
| CVE-2013-6970 | 1 Cisco | 1 Webex Meeting Center | 2017-11-29 | 5.0 MEDIUM | N/A |
| Cisco WebEx Meeting Center allows remote attackers to obtain sensitive information by reading verbose error messages within server responses, aka Bug ID CSCul35928. | |||||
| CVE-2013-6971 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Cisco WebEx Training Center allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCul57140. | |||||
| CVE-2013-6972 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 5.0 MEDIUM | N/A |
| Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126. | |||||
| CVE-2013-6973 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 4.3 MEDIUM | N/A |
| Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. | |||||
| CVE-2000-0346 | 1 Apple | 1 Appleshare | 2017-11-27 | 5.0 MEDIUM | N/A |
| AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server. | |||||
| CVE-2017-15117 | 2017-11-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2012-0315 | 1 Estsoft | 1 Alftp | 2017-11-22 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file. | |||||
| CVE-2008-3458 | 1 Vtiger | 1 Vtiger Crm | 2017-11-22 | 5.0 MEDIUM | N/A |
| Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | |||||
| CVE-2008-3628 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2017-11-22 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue." | |||||
| CVE-2009-2762 | 1 Wordpress | 1 Wordpress | 2017-11-22 | 7.5 HIGH | N/A |
| wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array. | |||||
| CVE-2009-2854 | 1 Wordpress | 1 Wordpress | 2017-11-22 | 6.4 MEDIUM | N/A |
| Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/. | |||||
| CVE-2009-3891 | 1 Wordpress | 1 Wordpress | 2017-11-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). | |||||
| CVE-2010-0227 | 1 Verbatim | 1 Corporate Secure | 2017-11-22 | 4.6 MEDIUM | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | |||||
| CVE-2006-5988 | 1 Microsoft | 1 Windows 2000 | 2017-11-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-2702 | 1 Estsoft | 1 Alftp | 2017-11-22 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2009-3251 | 1 Vtiger | 1 Vtiger Crm | 2017-11-22 | 4.0 MEDIUM | N/A |
| include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view. | |||||
| CVE-2011-0701 | 1 Wordpress | 1 Wordpress | 2017-11-22 | 4.0 MEDIUM | N/A |
| wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter. | |||||
| CVE-2011-1477 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Desktop | 2017-11-22 | 7.2 HIGH | N/A |
| Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer. | |||||