Total: 21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0707 | 1 Justsystems | 5 Hanako, Hanako Police, Hanako Police3 and 2 more | 2013-03-01 | 9.3 HIGH | N/A |
| Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2013-0313 | 1 Linux | 1 Linux Kernel | 2013-02-22 | 6.2 MEDIUM | N/A |
| The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an attempted removexattr operation on an inode of a sockfs filesystem. | |||||
| CVE-2013-1131 | 1 Cisco | 1 Small Business Wireless Access Points | 2013-02-14 | 6.4 MEDIUM | N/A |
| Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, and WET200 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SSID that is not properly handled during a site survey, aka Bug IDs CSCua86182, CSCua91196, CSCud36155, and CSCua86190. | |||||
| CVE-2012-0418 | 2 Microsoft, Novell | 2 Windows, Groupwise | 2013-02-14 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2012-2286 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2013-02-12 | 2.9 LOW | N/A |
| Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2010-0885 | 1 Oracle | 1 Sun Products Suite | 2013-02-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book. | |||||
| CVE-2010-3544 | 1 Oracle | 1 Sun Products Suite | 2013-02-07 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable source that this is cross-site request forgery (CSRF) that allows remote attackers to stop an instance via the management console. | |||||
| CVE-2010-3579 | 1 Oracle | 1 Sun Products Suite | 2013-02-07 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. | |||||
| CVE-2010-3546 | 1 Oracle | 1 Sun Products Suite | 2013-02-07 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2010-3545 | 1 Oracle | 1 Sun Products Suite | 2013-02-07 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration. | |||||
| CVE-2010-3535 | 1 Oracle | 1 Sun Products Suite | 2013-02-07 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows. | |||||
| CVE-2009-3109 | 1 Symantec | 1 Altiris Deployment Solution | 2013-02-07 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. | |||||
| CVE-2013-1490 | 1 Oracle | 2 Jdk, Jre | 2013-02-04 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original researcher has an established history of releasing vulnerability reports that have been fixed by vendors. NOTE: this issue also exists in SE 6, but it cannot be exploited without a separate vulnerability. | |||||
| CVE-2013-1103 | 1 Cisco | 9 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2500 Wireless Lan Controller and 6 more | 2013-02-02 | 7.8 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload) via crafted SIP packets, aka Bug ID CSCts87659. | |||||
| CVE-2013-1102 | 1 Cisco | 9 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2500 Wireless Lan Controller and 6 more | 2013-02-02 | 7.8 HIGH | N/A |
| The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 allows remote attackers to cause a denial of service (device reload) via crafted IP packets, aka Bug ID CSCtx80743. | |||||
| CVE-2012-3252 | 1 Hp | 1 Serviceguard | 2013-02-02 | 7.8 HIGH | N/A |
| Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2013-0462 | 1 Ibm | 1 Websphere Application Server | 2013-01-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors. | |||||
| CVE-2012-5991 | 1 Cisco | 9 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2500 Wireless Lan Controller and 6 more | 2013-01-30 | 6.3 MEDIUM | N/A |
| screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to cause a denial of service (device reload) via a certain buttonClicked value in an internal webauth_type request, aka Bug ID CSCud50209. | |||||
| CVE-2009-4738 | 1 Justsystems | 3 Atok, Atok Flat-rate Service, Just Smile | 2013-01-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to "launching external applications." | |||||
| CVE-2012-0435 | 1 Suse | 1 Webyast | 2013-01-28 | 5.8 MEDIUM | N/A |
| SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. | |||||
| CVE-2011-5254 | 2 Connections Project, Wordpress | 2 Connections, Wordpress | 2013-01-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors. | |||||
| CVE-2012-5429 | 2 Cisco, Microsoft | 2 Vpn Client, Windows | 2013-01-18 | 4.6 MEDIUM | N/A |
| The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. | |||||
| CVE-2012-6336 | 1 Lookout | 1 Lookout | 2013-01-08 | 3.3 LOW | N/A |
| The Missing Device feature in Lookout allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | |||||
| CVE-2012-1714 | 1 Oracle | 1 Hyperion Financial Management | 2013-01-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2012-0411 | 1 Novell | 1 Iprint | 2013-01-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action. | |||||
| CVE-2011-5087 | 1 Adastra | 1 Trace Mode Data Center | 2013-01-04 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS. | |||||
| CVE-2006-0218 | 1 Mybb | 1 Mybb | 2013-01-03 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, it is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603. | |||||
| CVE-2008-3981 | 1 Oracle | 1 Secure Backup | 2013-01-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2012-6335 | 1 Avg | 1 Avg Antivirus | 2012-12-31 | 3.3 LOW | N/A |
| The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | |||||
| CVE-2012-0962 | 2 Canonical, Sebastian Heinlein | 2 Ubuntu Linux, Aptdaemon | 2012-12-27 | 4.3 MEDIUM | N/A |
| Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. | |||||
| CVE-2010-3054 | 1 Freetype | 1 Freetype | 2012-12-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. | |||||
| CVE-2012-6065 | 2 Daniel Honrade, Drupal | 2 Om Maximenu, Drupal | 2012-12-04 | 4.6 MEDIUM | N/A |
| The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553. | |||||
| CVE-2012-5174 | 1 Kyocera | 6 Ah-k3001v, Ah-k3002v, Xw300k and 3 more | 2012-11-30 | 7.8 HIGH | N/A |
| The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format. | |||||
| CVE-2011-3506 | 1 Oracle | 1 Sun Products Suite | 2012-11-27 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication. | |||||
| CVE-2008-3073 | 1 Simple Machines | 1 Simple Machines Forum | 2012-11-27 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag." | |||||
| CVE-2008-3070 | 1 Mybb | 1 Mybb | 2012-11-27 | 7.5 HIGH | N/A |
| Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection. | |||||
| CVE-2008-3071 | 1 Mybb | 1 Mybb | 2012-11-27 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable. | |||||
| CVE-2008-3072 | 1 Simple Machines | 1 Simple Machines Forum | 2012-11-27 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors. | |||||
| CVE-2007-6721 | 1 Bouncycastle | 2 Bouncy-castle-crypto-package, Legion-of-the-bouncy-castle-java-crytography-api | 2012-11-16 | 10.0 HIGH | N/A |
| The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes." | |||||
| CVE-2012-4514 | 1 Kde | 1 Kde | 2012-11-12 | 5.0 MEDIUM | N/A |
| rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | |||||
| CVE-2012-5672 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2012-11-08 | 4.3 MEDIUM | N/A |
| Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data. | |||||
| CVE-2011-3507 | 1 Oracle | 1 Sun Products Suite | 2012-11-06 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server. | |||||
| CVE-2011-3519 | 1 Oracle | 1 E-business Suite | 2012-11-06 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services. | |||||
| CVE-2008-5108 | 1 Adobe | 1 Adobe Air | 2012-10-31 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors. | |||||
| CVE-2007-4839 | 1 Ibm | 1 Websphere Application Server | 2012-10-31 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803. | |||||
| CVE-2007-6529 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2012-10-24 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. | |||||
| CVE-2010-2386 | 1 Oracle | 2 Opensolaris, Solaris | 2012-10-23 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to GigaSwift Ethernet Driver. | |||||
| CVE-2010-2371 | 1 Oracle | 1 Supply Chain Products Suite | 2012-10-23 | 1.9 LOW | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-2372. | |||||
| CVE-2010-2382 | 1 Oracle | 1 Solaris | 2012-10-23 | 3.2 LOW | N/A |
| Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2010-2372 | 1 Oracle | 1 Supply Chain Products Suite | 2012-10-23 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371. | |||||
