Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0167 | 1 Redhat | 1 Enterprise Virtualization | 2013-08-20 | 2.7 LOW | N/A |
| VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the management server" via guestInfo dictionaries with "unexpected fields." | |||||
| CVE-2013-3403 | 1 Cisco | 1 Unified Communications Manager | 2013-08-20 | 6.8 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | |||||
| CVE-2012-3375 | 1 Linux | 1 Linux Kernel | 2013-08-17 | 4.9 MEDIUM | N/A |
| The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. | |||||
| CVE-2001-1144 | 1 Mcafee | 1 Asap Virusscan | 2013-08-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. | |||||
| CVE-2007-0588 | 1 Apple | 2 Mac Os X, Quicktime | 2013-08-15 | 7.1 HIGH | N/A |
| The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. | |||||
| CVE-2013-1610 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2013-08-05 | 6.8 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory. | |||||
| CVE-2002-0788 | 1 Pgp | 3 Corporate Desktop, Freeware, Personal Security | 2013-08-03 | 2.1 LOW | N/A |
| An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information. | |||||
| CVE-2001-1096 | 1 Ibm | 1 Aix | 2013-07-25 | 4.6 MEDIUM | N/A |
| Buffer overflows in muxatmd in AIX 4 allow an attacker to cause a core dump and possibly execute code. | |||||
| CVE-2007-1655 | 1 Tinymux | 1 Tinymux | 2013-07-23 | 10.0 HIGH | N/A |
| Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers. | |||||
| CVE-2003-0616 | 1 Mcafee | 1 Epolicy Orchestrator | 2013-07-23 | 7.5 HIGH | N/A |
| Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution. | |||||
| CVE-1999-0447 | 1 Hp | 1 Mpe Ix | 2013-07-23 | 4.6 MEDIUM | N/A |
| Local users can gain privileges using the debug utility in the MPE/iX operating system. | |||||
| CVE-1999-0309 | 1 Hp | 1 Hp-ux | 2013-07-21 | 7.2 HIGH | N/A |
| HP-UX vgdisplay program gives root access to local users. | |||||
| CVE-2005-3250 | 1 Sun | 1 Solaris | 2013-07-20 | 2.1 LOW | N/A |
| Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference. | |||||
| CVE-2005-4482 | 1 Iatek | 1 Portalapp | 2013-07-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. | |||||
| CVE-2005-4493 | 1 Speartek | 1 Speartek | 2013-07-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-1436 | 1 Osticket | 1 Osticket | 2013-07-14 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. | |||||
| CVE-2007-0982 | 1 Taskfreak | 1 Taskfreak | 2013-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-0235 | 1 Wordpress | 1 Wordpress | 2013-07-08 | 6.4 MEDIUM | N/A |
| The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue. | |||||
| CVE-2005-3316 | 1 Symantec | 2 Discovery, On Command Discovery | 2013-07-07 | 7.5 HIGH | N/A |
| The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. | |||||
| CVE-2007-0747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-07-03 | 7.2 HIGH | N/A |
| load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2005-3852 | 1 Onlinetechtools.com | 1 Owos Lite | 2013-07-03 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | |||||
| CVE-2012-4944 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2013-06-26 | 10.0 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary code by uploading a file via an unspecified page. | |||||
| CVE-2012-5517 | 1 Linux | 1 Linux Kernel | 2013-06-21 | 4.0 MEDIUM | N/A |
| The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. | |||||
| CVE-2011-2942 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2013-06-10 | 6.8 MEDIUM | N/A |
| A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device. | |||||
| CVE-2013-1827 | 1 Linux | 1 Linux Kernel | 2013-06-05 | 6.2 MEDIUM | N/A |
| net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. | |||||
| CVE-2013-1826 | 1 Linux | 1 Linux Kernel | 2013-06-05 | 6.2 MEDIUM | N/A |
| The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2012-2982 | 1 Gentoo | 1 Webmin | 2013-05-30 | 6.5 MEDIUM | N/A |
| file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a \| (pipe) character. | |||||
| CVE-2010-2443 | 1 Libtiff | 1 Libtiff | 2013-05-15 | 5.0 MEDIUM | N/A |
| The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function. | |||||
| CVE-2010-2482 | 1 Libtiff | 1 Libtiff | 2013-05-15 | 4.3 MEDIUM | N/A |
| LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. | |||||
| CVE-2013-1220 | 1 Cisco | 1 Unified Customer Voice Portal | 2013-05-09 | 7.8 HIGH | N/A |
| The CallServer component in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to cause a denial of service (call-acceptance outage) via malformed SIP INVITE messages, aka Bug ID CSCua65148. | |||||
| CVE-2013-1235 | 1 Cisco | 16 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 13 more | 2013-05-06 | 5.0 MEDIUM | N/A |
| Cisco Wireless LAN Controller (WLC) devices do not properly address the resource consumption of terminated TELNET sessions, which allows remote attackers to cause a denial of service (TELNET outage) by making many TELNET connections and improperly ending these connections, aka Bug ID CSCug35507. | |||||
| CVE-2013-1092 | 1 Novell | 1 Zenworks Desktop Management | 2013-05-06 | 7.2 HIGH | N/A |
| Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe. | |||||
| CVE-2013-0727 | 1 Bluemarblegeo | 1 Global Mapper | 2013-04-26 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .gmc, .gmg, .gmp, .gms, .gmw, or .opt file. | |||||
| CVE-2013-0138 | 1 Bitberry Software | 1 Bitzipper | 2013-04-22 | 9.3 HIGH | N/A |
| BitZipper 2013 before Update 1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ZIP archive. | |||||
| CVE-2013-0133 | 1 Parallels | 1 Parallels Plesk Panel | 2013-04-19 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. | |||||
| CVE-2012-3450 | 1 Php | 1 Php | 2013-04-19 | 2.6 LOW | N/A |
| pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | |||||
| CVE-2012-2186 | 1 Asterisk | 4 Business Edition, Certified Asterisk, Digiumphones and 1 more | 2013-04-19 | 9.0 HIGH | N/A |
| Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. | |||||
| CVE-2013-0886 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | |||||
| CVE-2012-5173 | 1 Bigace | 1 Bigace | 2013-04-11 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2013-1789 | 1 Freedesktop | 1 Poppler | 2013-04-10 | 4.3 MEDIUM | N/A |
| splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. | |||||
| CVE-2013-0111 | 1 Nvidia | 1 Driver | 2013-04-09 | 6.8 MEDIUM | N/A |
| daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2013-0110 | 1 Nvidia | 1 Driver | 2013-04-09 | 6.8 MEDIUM | N/A |
| nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distributed with the NVIDIA driver before 307.78, and Release 310 before 311.00, on Windows, lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2013-2632 | 1 Google | 2 Chrome, V8 | 2013-04-09 | 6.8 MEDIUM | N/A |
| Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game. | |||||
| CVE-2013-2742 | 2 Ithemes, Wordpress | 2 Backupbuddy, Wordpress | 2013-04-02 | 7.5 HIGH | N/A |
| importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script. | |||||
| CVE-2013-1609 | 1 Symantec | 1 Enterprise Vault For File System Archiving | 2013-03-27 | 6.8 MEDIUM | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) File Collector and (2) File PlaceHolder services in Symantec Enterprise Vault (EV) for File System Archiving before 9.0.4 and 10.x before 10.0.1 allow local users to gain privileges via a Trojan horse program. | |||||
| CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2013-03-26 | 2.1 LOW | N/A |
| Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
| CVE-2012-2744 | 1 Linux | 1 Linux Kernel | 2013-03-22 | 7.8 HIGH | N/A |
| net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. | |||||
| CVE-2013-0206 | 2 Drupal, Guy Bedford | 2 Drupal, Live Css | 2013-03-21 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2012-5659 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2013-03-19 | 3.7 LOW | N/A |
| Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module. | |||||
| CVE-2011-1165 | 1 David King | 1 Vino | 2013-03-19 | 5.1 MEDIUM | N/A |
| Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks. | |||||
