Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4882 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2013-08-22 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePolicy Orchestrator (ePO) extension for McAfee Agent (MA) 4.5 and 4.6, allow remote authenticated users to execute arbitrary SQL commands via the uid parameter to (1) core/showRegisteredTypeDetails.do and (2) EPOAGENTMETA/DisplayMSAPropsDetail.do, a different vulnerability than CVE-2013-0140. | |||||
| CVE-2013-4883 | 1 Mcafee | 2 Epolicy Orchestrator, Epolicy Orchestrator Agent | 2013-08-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do. | |||||
| CVE-2013-3345 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-22 | 10.0 HIGH | N/A |
| Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-3347 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-22 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling. | |||||
| CVE-2013-3747 | 1 Oracle | 1 E-business Suite | 2013-08-22 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Client System Analyzer. | |||||
| CVE-2013-2173 | 1 Wordpress | 1 Wordpress | 2013-08-22 | 4.3 MEDIUM | N/A |
| wp-includes/class-phpass.php in WordPress 3.5.1, when a password-protected post exists, allows remote attackers to cause a denial of service (CPU consumption) via a crafted value of a certain wp-postpass cookie. | |||||
| CVE-2013-1767 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 6.2 MEDIUM | N/A |
| Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. | |||||
| CVE-2013-1772 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 4.0 MEDIUM | N/A |
| The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (buffer overflow and system crash) by leveraging /dev/kmsg write access and triggering a call_console_drivers function call. | |||||
| CVE-2013-2117 | 2 Jason A Donenfeld, Lars Hjemli | 2 Cgit, Cgit | 2013-08-22 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | |||||
| CVE-2012-6547 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 1.9 LOW | N/A |
| The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. | |||||
| CVE-2012-6549 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 1.9 LOW | N/A |
| The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. | |||||
| CVE-2013-0131 | 1 Nvidia | 1 Gpu Driver | 2013-08-22 | 7.1 HIGH | N/A |
| Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users to execute arbitrary code via a large ARGB cursor. | |||||
| CVE-2013-0216 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 5.2 MEDIUM | N/A |
| The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. | |||||
| CVE-2013-0217 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 5.2 MEDIUM | N/A |
| Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. | |||||
| CVE-2013-0228 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 6.2 MEDIUM | N/A |
| The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. | |||||
| CVE-2013-0268 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 6.2 MEDIUM | N/A |
| The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. | |||||
| CVE-2011-4716 | 1 Dream-multimedia-tv | 4 Dreambox Dm800 Hd Pvr, Dreambox Dm800 Hd Pvr Firmware, Dreambox Dm800 Hd Se and 1 more | 2013-08-22 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter. | |||||
| CVE-2010-2131 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2013-08-22 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. | |||||
| CVE-2012-4922 | 1 Torproject | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. | |||||
| CVE-2012-4960 | 1 Huawei | 66 Acu, Ar 19\/29\/49, Ar G3 and 63 more | 2013-08-22 | 6.5 MEDIUM | N/A |
| The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||||
| CVE-2012-4419 | 1 Torproject | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison. | |||||
| CVE-2012-4565 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 4.7 MEDIUM | N/A |
| The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. | |||||
| CVE-2012-4225 | 1 Nvidia | 1 Unix Graphic Driver | 2013-08-22 | 7.2 HIGH | N/A |
| NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0. | |||||
| CVE-2012-3517 | 1 Tor | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. | |||||
| CVE-2012-3518 | 1 Tor | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document. | |||||
| CVE-2012-3519 | 1 Tor | 1 Tor | 2013-08-22 | 5.0 MEDIUM | N/A |
| routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. | |||||
| CVE-2012-2921 | 1 Mark Pilgrim | 1 Feedparser | 2013-08-22 | 5.0 MEDIUM | N/A |
| Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document. | |||||
| CVE-2012-0957 | 1 Linux | 1 Linux Kernel | 2013-08-22 | 4.9 MEDIUM | N/A |
| The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | |||||
| CVE-2012-0283 | 1 Andreas Gohr | 1 Dokuwiki | 2013-08-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. | |||||
| CVE-2013-4114 | 1 Henri Wahl | 1 Nagstamon | 2013-08-21 | 5.0 MEDIUM | N/A |
| The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-5321 | 1 Alienvault | 1 Open Source Security Information Management | 2013-08-21 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. | |||||
| CVE-2013-5319 | 1 Atlassian | 1 Jira | 2013-08-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. | |||||
| CVE-2010-0696 | 2 Joomla, Joomlaworks | 2 Joomla, Jw Allvideos | 2013-08-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. | |||||
| CVE-1999-1183 | 1 Sgi | 1 Irix | 2013-08-21 | 7.6 HIGH | N/A |
| System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type. | |||||
| CVE-2013-4236 | 1 Redhat | 1 Enterprise Virtualization | 2013-08-20 | 2.7 LOW | N/A |
| VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167. | |||||
| CVE-2013-0167 | 1 Redhat | 1 Enterprise Virtualization | 2013-08-20 | 2.7 LOW | N/A |
| VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields." | |||||
| CVE-2013-5314 | 1 S9y | 1 Serendipity | 2013-08-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter. | |||||
| CVE-2013-5313 | 1 Bigtreecms | 1 Bigtree Cms | 2013-08-20 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/update.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify arbitrary user accounts via an edit user action. | |||||
| CVE-2013-5312 | 1 Vastal | 1 Phpvid | 2013-08-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php. | |||||
| CVE-2013-5311 | 1 Vastal | 1 Phpvid | 2013-08-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157. | |||||
| CVE-2013-3348 | 1 Adobe | 1 Shockwave Player | 2013-08-20 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.3.133 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-3400 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2013-08-20 | 6.8 MEDIUM | N/A |
| The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. | |||||
| CVE-2013-3402 | 1 Cisco | 1 Unified Communications Manager | 2013-08-20 | 6.5 MEDIUM | N/A |
| An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | |||||
| CVE-2013-3403 | 1 Cisco | 1 Unified Communications Manager | 2013-08-20 | 6.8 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | |||||
| CVE-2013-3404 | 1 Cisco | 1 Unified Communications Manager | 2013-08-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | |||||
| CVE-2013-3408 | 1 Cisco | 3 Virtualization Experience Client 6000, Virtualization Experience Client 6000 Series Firmware, Virtualization Experience Client 6215 | 2013-08-20 | 6.8 MEDIUM | N/A |
| The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764. | |||||
| CVE-2013-3410 | 1 Cisco | 2 Intrusion Prevention System, Ips Nme | 2013-08-20 | 7.8 HIGH | N/A |
| Cisco Intrusion Prevention System (IPS) Software on IPS NME devices before 7.0(9)E4 allows remote attackers to cause a denial of service (device reload) via malformed IPv4 packets that trigger incorrect memory allocation, aka Bug ID CSCua61977. | |||||
| CVE-2013-3411 | 1 Cisco | 2 Idsm-2, Intrusion Prevention System | 2013-08-20 | 7.8 HIGH | N/A |
| The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software on Cisco Catalyst 6500 devices with an IDSM-2 module allow remote attackers to cause a denial of service (device hang) via malformed IPv4 TCP packets, aka Bug ID CSCuh27460. | |||||
| CVE-2013-3412 | 1 Cisco | 1 Unified Communications Manager | 2013-08-20 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | |||||
| CVE-2013-3416 | 1 Cisco | 2 Unified Operations Manager, Unified Service Monitor | 2013-08-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997. | |||||