Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4116 | 1 Hp | 1 Storageworks Storage Mirroring | 2013-07-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x before 5.2.2.1771.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2013-2872 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-07-10 | 5.0 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors. | |||||
| CVE-2013-3401 | 1 Cisco | 1 Telepresence Tc Software | 2013-07-02 | 4.3 MEDIUM | N/A |
| The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080. | |||||
| CVE-2013-4734 | 2 Digital Alert Systems, Monroe Electronics | 2 Dasdec Eas, R189 One-net Eas | 2013-07-01 | 7.5 HIGH | N/A |
| dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors. | |||||
| CVE-2012-3270 | 1 Hp | 1 Performance Insight | 2013-06-26 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269. | |||||
| CVE-2013-0796 | 2 Linux, Mozilla | 6 Linux Kernel, Firefox, Firefox Esr and 3 more | 2013-06-21 | 10.0 HIGH | N/A |
| The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | |||||
| CVE-2012-4461 | 1 Linux | 1 Linux Kernel | 2013-06-21 | 1.9 LOW | N/A |
| The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl. | |||||
| CVE-2013-3927 | 1 Siemens | 1 Comos | 2013-06-19 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access. | |||||
| CVE-2013-3644 | 1 Justsystems | 4 Ichitaro, Ichitaro Just School, Ichitaro Portable and 1 more | 2013-06-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; Ichitaro Pro through 2; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro Portable with oreplug; Ichitaro Viewer; and Ichitaro JUST School through 2010 allows remote attackers to execute arbitrary code via a crafted document. | |||||
| CVE-2012-4444 | 1 Linux | 1 Linux Kernel | 2013-06-15 | 5.0 MEDIUM | N/A |
| The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. | |||||
| CVE-2013-0790 | 2 Google, Mozilla | 2 Android, Firefox | 2013-06-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. | |||||
| CVE-2013-2316 | 1 Yahoo | 1 Yahoo\! Browser | 2013-06-04 | 5.8 MEDIUM | N/A |
| The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. | |||||
| CVE-2013-2317 | 2 Fenrir-inc, Google | 2 Sleipnir Mobile, Android | 2013-06-04 | 5.8 MEDIUM | N/A |
| The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the opening of a new window. | |||||
| CVE-2012-6552 | 1 Phpvms | 1 Phpvms | 2013-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors. | |||||
| CVE-2013-0600 | 1 Ibm | 2 Websphere Datapower Xc10 Appliance, Websphere Datapower Xc10 Appliance Firmware | 2013-05-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass authentication and perform administrative actions via unknown vectors. | |||||
| CVE-2013-2767 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2013-05-02 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors. | |||||
| CVE-2013-1219 | 1 Cisco | 1 Intrusion Prevention System | 2013-05-01 | 4.4 MEDIUM | N/A |
| SensorApp in Cisco Intrusion Prevention System (IPS) allows local users to cause a denial of service (Regex hardware job failure and application hang) via a (1) initiate signature upgrade, (2) initiate global correlation, (3) show statistics anomaly-detection, or (4) clear database action, aka Bug ID CSCuc74630. | |||||
| CVE-2013-1949 | 2 Blinkwebeffects, Wordpress | 2 Social-media-widget, Wordpress | 2013-05-01 | 5.0 MEDIUM | N/A |
| Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files. | |||||
| CVE-2013-2307 | 1 Yahoo | 1 Yahoo\! Browser | 2013-04-29 | 5.8 MEDIUM | N/A |
| The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2013-2306 | 1 Jb\+ | 1 Jigbrowser\+ | 2013-04-26 | 5.8 MEDIUM | N/A |
| The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2013-3211 | 1 Opera | 1 Opera Browser | 2013-04-22 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue." | |||||
| CVE-2013-0139 | 1 Arecont | 1 Vision Av1355dn Megadome Camera | 2013-04-19 | 7.8 HIGH | N/A |
| The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. | |||||
| CVE-2012-3136 | 1 Oracle | 2 Jdk, Jre | 2013-04-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682. | |||||
| CVE-2013-2303 | 1 Fenrir-inc | 1 Sleipnir | 2013-04-16 | 5.0 MEDIUM | N/A |
| Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. | |||||
| CVE-2013-1168 | 1 Cisco | 1 Unified Meetingplace | 2013-04-15 | 7.6 HIGH | N/A |
| The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. | |||||
| CVE-2013-1386 | 1 Adobe | 1 Shockwave Player | 2013-04-10 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1384. | |||||
| CVE-2013-1384 | 1 Adobe | 1 Shockwave Player | 2013-04-10 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1386. | |||||
| CVE-2012-3482 | 1 Fetchmail | 1 Fetchmail | 2013-04-05 | 5.8 MEDIUM | N/A |
| Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. | |||||
| CVE-2013-0664 | 1 Schneider-electric | 3 Modicon M340, Modicon Premium, Modicon Quantum Plc | 2013-04-04 | 8.5 HIGH | N/A |
| The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests. | |||||
| CVE-2013-1083 | 1 Novell | 1 Identity Manager Roles Based Provisioning Module | 2013-04-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors. | |||||
| CVE-2013-1299 | 1 Microsoft | 4 Modern Mail, Windows 8, Windows Rt and 1 more | 2013-04-02 | 5.8 MEDIUM | N/A |
| Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message. | |||||
| CVE-2013-0659 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2013-04-01 | 10.0 HIGH | N/A |
| The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185. | |||||
| CVE-2013-2717 | 1 Emc | 1 Smarts Network Configuration Manager | 2013-03-29 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other third-party components. | |||||
| CVE-2013-0260 | 2 Drupal, Elliot Pahl | 2 Drupal, Drush Debian Packaging | 2013-03-28 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. | |||||
| CVE-2012-3979 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2013-03-26 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. | |||||
| CVE-2012-2469 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2013-03-23 | 7.8 HIGH | N/A |
| Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132. | |||||
| CVE-2012-3247 | 1 Hp | 3 Integrity, Integrity Firmware, Itegrity | 2013-03-22 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors. | |||||
| CVE-2012-3051 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2013-03-22 | 6.1 MEDIUM | N/A |
| Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. | |||||
| CVE-2012-3257 | 1 Hp | 1 Business Availability Center | 2013-03-22 | 4.6 MEDIUM | N/A |
| HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. | |||||
| CVE-2012-2017 | 1 Hp | 6 Photosmart E-all-in-one Printer Series, Photosmart Estation All-in-one-printer Series, Photosmart Ink Advantage E-all-in-one and 3 more | 2013-03-22 | 7.8 HIGH | N/A |
| Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2013-0960 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-18 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | |||||
| CVE-2013-0966 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.4 MEDIUM | N/A |
| The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | |||||
| CVE-2013-0967 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 4.3 MEDIUM | N/A |
| CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. | |||||
| CVE-2013-0961 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-18 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. | |||||
| CVE-2013-0973 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.8 MEDIUM | N/A |
| Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | |||||
| CVE-2013-2558 | 1 Microsoft | 1 Windows 8 | 2013-03-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error report. | |||||
| CVE-2013-2552 | 1 Microsoft | 2 Internet Explorer, Windows 8 | 2013-03-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. | |||||
| CVE-2013-0970 | 1 Apple | 1 Mac Os X | 2013-03-15 | 4.3 MEDIUM | N/A |
| Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. | |||||
| CVE-2012-3273 | 1 Hp | 2 Laserjet Pro Mfp M401, Laserjet Pro Mfp M425 | 2013-03-14 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2012-3275 | 1 Hp | 1 Network Node Manager I | 2013-03-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and 9.20 allows remote attackers to execute arbitrary code via unknown vectors. | |||||