Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0235 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-0236 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 5.0 MEDIUM | N/A |
| Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." | |||||
| CVE-2012-0237 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 6.4 MEDIUM | N/A |
| Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. | |||||
| CVE-2012-0238 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0239 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 5.0 MEDIUM | N/A |
| uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | |||||
| CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0241 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 5.0 MEDIUM | N/A |
| Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. | |||||
| CVE-2012-0242 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. | |||||
| CVE-2012-0243 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. | |||||
| CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
| CVE-2012-0368 | 1 Cisco | 13 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 10 more | 2018-01-05 | 7.8 HIGH | N/A |
| The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997. | |||||
| CVE-2012-0369 | 1 Cisco | 13 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 10 more | 2018-01-05 | 7.8 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949. | |||||
| CVE-2012-0370 | 1 Cisco | 13 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 10 more | 2018-01-05 | 7.8 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435. | |||||
| CVE-2012-0371 | 1 Cisco | 13 2000 Wireless Lan Controller, 2100 Wireless Lan Controller, 2106 Wireless Lan Controller and 10 more | 2018-01-05 | 9.3 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. | |||||
| CVE-2012-0634 | 1 Apple | 2 Itunes, Webkit | 2018-01-05 | 7.6 HIGH | N/A |
| WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | |||||
| CVE-2012-0809 | 1 Todd Miller | 1 Sudo | 2018-01-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. | |||||
| CVE-2012-1601 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | N/A |
| The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. | |||||
| CVE-2012-1821 | 2 Microsoft, Symantec | 2 Windows 2003 Server, Endpoint Protection | 2018-01-05 | 5.0 MEDIUM | N/A |
| The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. | |||||
| CVE-2012-1924 | 1 Opera | 1 Opera Browser | 2018-01-05 | 6.8 MEDIUM | N/A |
| Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog. | |||||
| CVE-2012-1925 | 1 Opera | 1 Opera Browser | 2018-01-05 | 6.8 MEDIUM | N/A |
| Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows. | |||||
| CVE-2012-1929 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2018-01-05 | 6.4 MEDIUM | N/A |
| Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area. | |||||
| CVE-2012-1930 | 2 Opera, Unix | 2 Opera Browser, Unix | 2018-01-05 | 4.6 MEDIUM | N/A |
| Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. | |||||
| CVE-2012-1931 | 2 Opera, Unix | 2 Opera Browser, Unix | 2018-01-05 | 4.6 MEDIUM | N/A |
| Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. | |||||
| CVE-2012-1937 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2018-01-05 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2012-1940 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2018-01-05 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. | |||||
| CVE-2012-1947 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2018-01-05 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | |||||
| CVE-2012-2110 | 2 Openssl, Redhat | 2 Openssl, Openssl | 2018-01-05 | 7.5 HIGH | N/A |
| The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | |||||
| CVE-2012-2111 | 1 Samba | 1 Samba | 2018-01-05 | 6.5 MEDIUM | N/A |
| The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. | |||||
| CVE-2012-2121 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | N/A |
| The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. | |||||
| CVE-2012-2131 | 1 Openssl | 1 Openssl | 2018-01-05 | 7.5 HIGH | N/A |
| Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. | |||||
| CVE-2012-2333 | 2 Openssl, Redhat | 2 Openssl, Openssl | 2018-01-05 | 6.8 MEDIUM | N/A |
| Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. | |||||
| CVE-2012-2335 | 1 Php | 1 Php | 2018-01-05 | 7.5 HIGH | N/A |
| php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. | |||||
| CVE-2012-2336 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | N/A |
| sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | |||||
| CVE-2012-2337 | 1 Todd Miller | 1 Sudo | 2018-01-05 | 7.2 HIGH | N/A |
| sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. | |||||
| CVE-2012-2944 | 1 Networkupstools | 1 Nut | 2018-01-05 | 7.5 HIGH | N/A |
| Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters. | |||||
| CVE-2012-3291 | 1 Infradead | 1 Openconnect | 2018-01-05 | 7.8 HIGH | N/A |
| Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner. | |||||
| CVE-2012-6153 | 1 Apache | 1 Commons-httpclient | 2018-01-05 | 4.3 MEDIUM | N/A |
| http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783. | |||||
| CVE-2013-2236 | 1 Quagga | 1 Quagga | 2018-01-05 | 2.6 LOW | N/A |
| Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. | |||||
| CVE-2013-5653 | 2 Artifex, Debian | 2 Afpl Ghostscript, Debian Linux | 2018-01-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |||||
| CVE-2013-6629 | 3 Artifex, Google, Oracle | 3 Gpl Ghostscript, Chrome, Solaris | 2018-01-05 | 5.0 MEDIUM | N/A |
| The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | |||||
| CVE-2013-6954 | 1 Libpng | 1 Libpng | 2018-01-05 | 5.0 MEDIUM | N/A |
| The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. | |||||
| CVE-2013-7456 | 2 Libgd, Php | 2 Libgd, Php | 2018-01-05 | 6.8 MEDIUM | 7.6 HIGH |
| gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. | |||||
| CVE-2014-0248 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Web Framework Kit | 2018-01-05 | 6.8 MEDIUM | N/A |
| org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. | |||||
| CVE-2014-1876 | 1 Oracle | 1 Openjdk | 2018-01-05 | 4.4 MEDIUM | N/A |
| The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | |||||
| CVE-2014-2015 | 1 Freeradius | 1 Freeradius | 2018-01-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash. | |||||
| CVE-2014-3530 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2018-01-05 | 7.5 HIGH | N/A |
| The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-3538 | 1 Christos Zoulas | 1 File | 2018-01-05 | 5.0 MEDIUM | N/A |
| file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. | |||||
| CVE-2014-3587 | 2 Christos Zoulas, Php | 2 File, Php | 2018-01-05 | 4.3 MEDIUM | N/A |
| Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. | |||||
| CVE-2014-3604 | 1 Not Yet Commons Ssl Project | 1 Not Yet Commons Ssl | 2018-01-05 | 6.8 MEDIUM | N/A |
| Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-3613 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2018-01-05 | 5.0 MEDIUM | N/A |
| cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1. | |||||
