Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4170 | 1 Adobe | 1 Photoshop Cs6 | 2013-04-19 | 9.3 HIGH | N/A |
| Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2012-4404 | 1 Moinmo | 1 Moinmoin | 2013-04-19 | 6.0 MEDIUM | N/A |
| security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. | |||||
| CVE-2012-3430 | 1 Linux | 1 Linux Kernel | 2013-04-19 | 2.1 LOW | N/A |
| The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. | |||||
| CVE-2012-3450 | 1 Php | 1 Php | 2013-04-19 | 2.6 LOW | N/A |
| pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | |||||
| CVE-2012-3510 | 1 Linux | 1 Linux Kernel | 2013-04-19 | 5.6 MEDIUM | N/A |
| Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. | |||||
| CVE-2012-2655 | 1 Postgresql | 1 Postgresql | 2013-04-19 | 4.0 MEDIUM | N/A |
| PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. | |||||
| CVE-2012-2745 | 1 Linux | 1 Linux Kernel | 2013-04-19 | 4.7 MEDIUM | N/A |
| The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. | |||||
| CVE-2012-3136 | 1 Oracle | 2 Jdk, Jre | 2013-04-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682. | |||||
| CVE-2012-2085 | 1 Gajim | 1 Gajim | 2013-04-19 | 6.8 MEDIUM | N/A |
| The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. | |||||
| CVE-2012-2086 | 1 Gajim | 1 Gajim | 2013-04-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | |||||
| CVE-2012-2186 | 1 Asterisk | 4 Business Edition, Certified Asterisk, Digiumphones and 1 more | 2013-04-19 | 9.0 HIGH | N/A |
| Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. | |||||
| CVE-2012-2240 | 1 Devscripts Devel Team | 1 Devscripts | 2013-04-19 | 7.5 HIGH | N/A |
| scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands." | |||||
| CVE-2012-2242 | 1 Devscripts Devel Team | 1 Devscripts | 2013-04-19 | 6.8 MEDIUM | N/A |
| scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240. | |||||
| CVE-2012-2253 | 1 Mahara | 1 Mahara | 2013-04-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2012-2284 | 2 Emc, Microsoft | 2 Networker Module For Microsoft Applications, Exchange Server | 2013-04-19 | 2.1 LOW | N/A |
| The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | |||||
| CVE-2012-2290 | 1 Emc | 1 Networker Module For Microsoft Applications | 2013-04-19 | 9.3 HIGH | N/A |
| The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel. | |||||
| CVE-2012-2389 | 1 W1.fi | 1 Hostapd | 2013-04-19 | 2.1 LOW | N/A |
| hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. | |||||
| CVE-2010-2322 | 1 Matthias Klose | 1 Fastjar | 2013-04-19 | 2.6 LOW | N/A |
| Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | |||||
| CVE-2010-0831 | 1 Matthias Klose | 1 Fastjar | 2013-04-19 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. | |||||
| CVE-2010-0547 | 1 Samba | 1 Samba | 2013-04-19 | 2.1 LOW | N/A |
| client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. | |||||
| CVE-2009-1284 | 1 Bibtex | 1 Bibtex | 2013-04-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file. | |||||
| CVE-2008-5374 | 1 Matthias Klose | 1 Bash-doc | 2013-04-19 | 6.9 MEDIUM | N/A |
| bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. | |||||
| CVE-2013-1748 | 1 Chatelao | 1 Php Address Book | 2013-04-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2. | |||||
| CVE-2013-1749 | 1 Chatelao | 1 Php Address Book | 2013-04-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. | |||||
| CVE-2012-4695 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2013-04-18 | 7.1 HIGH | N/A |
| LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. | |||||
| CVE-2012-4713 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2013-04-18 | 7.8 HIGH | N/A |
| Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value. | |||||
| CVE-2012-4714 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2013-04-18 | 7.8 HIGH | N/A |
| Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value. | |||||
| CVE-2013-0687 | 1 Schneider-electric | 1 Micom S1 Studio | 2013-04-18 | 6.6 MEDIUM | N/A |
| The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | |||||
| CVE-2013-2760 | 1 Bestwebsharing | 1 Groovy Media Player | 2013-04-18 | 6.8 MEDIUM | N/A |
| Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file. | |||||
| CVE-2013-2832 | 1 Google | 1 Chrome Os | 2013-04-18 | 5.0 MEDIUM | N/A |
| The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-2833 | 1 Google | 1 Chrome Os | 2013-04-17 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements. | |||||
| CVE-2013-2834 | 1 Google | 1 Chrome Os | 2013-04-17 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. | |||||
| CVE-2013-2835 | 1 Google | 1 Chrome Os | 2013-04-17 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834. | |||||
| CVE-2012-3022 | 1 Canarylabs | 1 Trendlink | 2013-04-16 | 8.5 HIGH | N/A |
| The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site. | |||||
| CVE-2012-5415 | 1 Cisco | 3 5500 Adaptive Security Appliance, 5500 Series Adaptive Security Appliance, Adaptive Security Appliance | 2013-04-16 | 5.4 MEDIUM | N/A |
| Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. | |||||
| CVE-2013-1187 | 1 Cisco | 1 Jabber Extensible Communications Platform | 2013-04-16 | 5.0 MEDIUM | N/A |
| The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762. | |||||
| CVE-2013-1197 | 1 Cisco | 1 Unified Presence | 2013-04-16 | 6.8 MEDIUM | N/A |
| The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. | |||||
| CVE-2013-2303 | 1 Fenrir-inc | 1 Sleipnir | 2013-04-16 | 5.0 MEDIUM | N/A |
| Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. | |||||
| CVE-2013-2304 | 2 Fenrir-inc, Google | 2 Sleipnir Mobile, Android | 2013-04-16 | 5.8 MEDIUM | N/A |
| The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. | |||||
| CVE-2013-0285 | 1 Nori Gem Project | 1 Nori Gem | 2013-04-16 | 7.5 HIGH | N/A |
| The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. | |||||
| CVE-2013-0915 | 1 Google | 1 Chrome Os | 2013-04-16 | 10.0 HIGH | N/A |
| The GPU process in Google Chrome OS before 25.0.1364.173 allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an "overflow." | |||||
| CVE-2012-3532 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-04-15 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2013-0314 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-04-15 | 7.5 HIGH | N/A |
| The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | |||||
| CVE-2013-0315 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-04-15 | 5.0 MEDIUM | N/A |
| The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2013-1155 | 1 Cisco | 1 Firewall Services Module Software | 2013-04-15 | 7.8 HIGH | N/A |
| The auth-proxy functionality in Cisco Firewall Services Module (FWSM) software 3.1 and 3.2 before 3.2(20.1), 4.0 before 4.0(15.2), and 4.1 before 4.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted URL, aka Bug ID CSCtg02624. | |||||
| CVE-2013-1168 | 1 Cisco | 1 Unified Meetingplace | 2013-04-15 | 7.6 HIGH | N/A |
| The web server in Cisco Unified MeetingPlace Application Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 1, and 8.5 before 8.5MR3 Patch 1 does not invalidate a session upon a logout action, which makes it easier for remote attackers to hijack sessions by leveraging knowledge of a session cookie, aka Bug ID CSCuc64885. | |||||
| CVE-2013-1169 | 1 Cisco | 1 Unified Meetingplace Web Conferencing Server | 2013-04-15 | 9.3 HIGH | N/A |
| Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846. | |||||
| CVE-2013-3051 | 2 Motorola, Qualcomm | 5 Android, Atrix Hd, Razr Hd and 2 more | 2013-04-15 | 6.2 MEDIUM | N/A |
| The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596. | |||||
| CVE-2012-3010 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2013-04-13 | 10.0 HIGH | N/A |
| rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. | |||||
| CVE-2012-3021 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2013-04-13 | 10.0 HIGH | N/A |
| rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. | |||||