Total: 201818 CVE entries
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2494 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2012-06-21 | 4.3 MEDIUM | N/A |
| The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. | |||||
| CVE-2012-2495 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Desktop | 2012-06-21 | 4.3 MEDIUM | N/A |
| The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. | |||||
| CVE-2012-3790 | 1 Adiscon | 1 Loganalyzer | 2012-06-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action. | |||||
| CVE-2009-0693 | 1 Dell | 1 Wyse Device Manager | 2012-06-20 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe. | |||||
| CVE-2011-3494 | 1 Interactivedata | 1 Esignal | 2012-06-20 | 10.0 HIGH | N/A |
| WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-0802 | 1 Spamdyke | 1 Spamdyke | 2012-06-20 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf()/vsnprintf()" in which the return values may be larger than the size of the buffer. | |||||
| CVE-2012-2636 | 1 Kent-web | 1 Web Patio | 2012-06-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2637 | 1 Kent-web | 1 Web Patio | 2012-06-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. | |||||
| CVE-2012-2638 | 1 Wap2 | 1 Smallpict | 2012-06-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3555 | 1 Opera | 1 Opera Browser | 2012-06-20 | 7.6 HIGH | N/A |
| Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue. | |||||
| CVE-2011-3671 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2012-06-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. | |||||
| CVE-2010-4337 | 1 Gnu | 1 Gnash | 2012-06-19 | 3.3 LOW | N/A |
| The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. | |||||
| CVE-2011-5094 | 1 Mozilla | 1 Network Security Services | 2012-06-18 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment. | |||||
| CVE-2012-2632 | 1 Seil | 5 B1, B1 Firmware, X1 and 2 more | 2012-06-18 | 2.6 LOW | N/A |
| SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intended URL restrictions via a TCP session. | |||||
| CVE-2012-2634 | 1 Newsgator | 1 Feeddemon | 2012-06-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed. | |||||
| CVE-2012-2635 | 2 Dolphin-browser, Google | 3 Dolphin Browser Hd, Dolphin For Pad, Android | 2012-06-18 | 4.3 MEDIUM | N/A |
| The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-2631 | 1 Atmarkweb | 2 @web Shoppingcart, @web Shoppingcart T | 2012-06-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3557 | 1 Opera | 1 Opera Browser | 2012-06-15 | 5.0 MEDIUM | N/A |
| Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site. | |||||
| CVE-2012-3556 | 1 Opera | 1 Opera Browser | 2012-06-15 | 9.3 HIGH | N/A |
| Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site. | |||||
| CVE-2006-7244 | 1 Libpng | 1 Libpng | 2012-06-15 | 5.0 MEDIUM | N/A |
| Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. | |||||
| CVE-2010-0933 | 1 Perforce | 1 Perforce Server | 2012-06-15 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. | |||||
| CVE-2011-1643 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2012-06-15 | 10.0 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | |||||
| CVE-2011-1768 | 1 Linux | 1 Linux Kernel | 2012-06-15 | 5.4 MEDIUM | N/A |
| The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. | |||||
| CVE-2011-2560 | 1 Cisco | 1 Unified Communications Manager | 2012-06-15 | 7.8 HIGH | N/A |
| The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162. | |||||
| CVE-2011-2561 | 1 Cisco | 1 Unified Communications Manager | 2012-06-15 | 7.1 HIGH | N/A |
| The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. | |||||
| CVE-2011-2562 | 1 Cisco | 1 Unified Communications Manager | 2012-06-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. | |||||
| CVE-2011-2899 | 1 Redhat | 1 System-config-printer | 2012-06-15 | 5.1 MEDIUM | N/A |
| pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers. | |||||
| CVE-2011-3123 | 2 Ibm, Linux | 3 Infosphere Datastage, Infosphere Information Server, Linux Kernel | 2012-06-15 | 7.2 HIGH | N/A |
| IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2011-3124 | 2 Ibm, Linux | 3 Infosphere Datastage, Infosphere Information Server, Linux Kernel | 2012-06-15 | 7.2 HIGH | N/A |
| IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2012-1544 | | | 2012-06-15 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1876. Reason: This candidate is a duplicate of CVE-2012-1876. Notes: All CVE users should reference CVE-2012-1876 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-3289 | 1 Vmware | 4 Esx, Esxi, Player and 1 more | 2012-06-15 | 7.8 HIGH | N/A |
| VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device. | |||||
| CVE-2012-3558 | 1 Opera | 1 Opera Browser | 2012-06-15 | 2.6 LOW | N/A |
| Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects. | |||||
| CVE-2012-3560 | 1 Opera | 1 Opera Browser | 2012-06-15 | 4.3 MEDIUM | N/A |
| Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page. | |||||
| CVE-2011-1759 | 1 Linux | 1 Linux Kernel | 2012-06-14 | 6.2 MEDIUM | N/A |
| Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition. | |||||
| CVE-2011-2183 | 1 Linux | 1 Linux Kernel | 2012-06-14 | 4.0 MEDIUM | N/A |
| Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application. | |||||
| CVE-2011-2493 | 1 Linux | 1 Linux Kernel | 2012-06-14 | 2.1 LOW | N/A |
| The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | |||||
| CVE-2011-2545 | 1 Cisco | 18 Spa2102 Phone Adapter With Router, Spa2102 Phone Adapter With Router Firmware, Spa3102 Voice Gateway With Router and 15 more | 2012-06-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715. | |||||
| CVE-2012-3287 | 1 Poul-henning Kamp | 1 Md5crypt | 2012-06-14 | 5.0 MEDIUM | N/A |
| Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware. | |||||
| CVE-2011-2211 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 7.2 HIGH | N/A |
| The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform uses an incorrect pointer, which allows local users to gain privileges by writing a certain integer value to kernel memory. | |||||
| CVE-2012-2604 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2012-06-13 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields. | |||||
| CVE-2012-2605 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2012-06-13 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients. | |||||
| CVE-2012-2606 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2012-06-13 | 5.0 MEDIUM | N/A |
| The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack. | |||||
| CVE-2011-2209 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 2.1 LOW | N/A |
| Integer signedness error in the osf_sysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. | |||||
| CVE-2011-1767 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 5.4 MEDIUM | N/A |
| net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is configured as a module, allows remote attackers to cause a denial of service (OOPS) by sending a packet during module loading. | |||||
| CVE-2011-1927 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 5.0 MEDIUM | N/A |
| The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel before 2.6.39 does not properly construct ICMP_TIME_EXCEEDED packets after a timeout, which allows remote attackers to cause a denial of service (invalid pointer dereference) via crafted fragmented packets. | |||||
| CVE-2011-2208 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 2.1 LOW | N/A |
| Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call. | |||||
| CVE-2011-2210 | 1 Linux | 1 Linux Kernel | 2012-06-13 | 2.1 LOW | N/A |
| The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform does not properly restrict the data size for GSI_GET_HWRPB operations, which allows local users to obtain sensitive information from kernel memory via a crafted call. | |||||
| CVE-2012-2041 | 1 Adobe | 1 Coldfusion | 2012-06-13 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2012-1825 | 1 Forescout | 1 Counteract | 2012-06-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter. | |||||
| CVE-2012-2595 | 1 Siemens | 1 Wincc | 2012-06-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. | |||||
