Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4100 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cryptocat before 2.0.22 has Remote Denial of Service via username
|
|||||
| CVE-2013-3945 | 1 Extensis | 1 Mrsid | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.
|
|||||
| CVE-2013-3738 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2013-3718 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Evince, Opensuse and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
evince is missing a check on number of pages which can lead to a segmentation fault
|
|||||
| CVE-2013-2571 | 1 Hcomm | 1 Xpient Iris | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.
|
|||||
| CVE-2013-2259 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview
|
|||||
| CVE-2013-2227 | 2 Debian, Glpi-project | 2 Debian Linux, Glpi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
|
|||||
| CVE-2013-2103 | 1 Redhat | 1 Openshift | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
OpenShift cartridge allows remote URL retrieval
|
|||||
| CVE-2013-2093 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2013-1930 | 2 Fedoraproject, Mantisbt | 2 Fedora, Mantisbt | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.
|
|||||
| CVE-2013-1910 | 2 Baseurl, Debian | 2 Yum, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.
|
|||||
| CVE-2013-1889 | 1 Mod Ruid2 Project | 1 Mod Ruid2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.
|
|||||
| CVE-2013-1820 | 2 Fedoraproject, Redhat | 2 Fedora, Tuned | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
|
tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service.
|
|||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
|
|||||
| CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
|
|||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
|
|||||
| CVE-2013-1689 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.
|
|||||
| CVE-2013-1607 | 1 Pdfkit Project | 1 Pdfkit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
|
|||||
| CVE-2013-0342 | 1 Pyrad Project | 1 Pyrad | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.
|
|||||
| CVE-2013-0267 | 1 Apache | 1 Vcl | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation.
|
|||||
| CVE-2013-0243 | 1 Haskell | 1 Hs-tls | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
|
|||||
| CVE-2013-0180 | 1 Redislabs | 1 Redis | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
|
|||||
| CVE-2013-0178 | 1 Redislabs | 1 Redis | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
|
|||||
| CVE-2013-0165 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.
|
|||||
| CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
|
|||||
| CVE-2012-6125 | 1 Call-cc | 1 Chicken | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
|
|||||
| CVE-2012-6123 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
|
|||||
| CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function
|
|||||
| CVE-2012-6070 | 1 Falconpl | 1 Falconpl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
|
|||||
| CVE-2012-5699 | 1 Babygekko | 1 Babygekko | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
BabyGekko before 1.2.4 allows PHP file inclusion.
|
|||||
| CVE-2012-5582 | 1 Opendnssec | 1 Opendnssec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
opendnssec misuses libcurl API
|
|||||
| CVE-2012-5360 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.
|
|||||
| CVE-2012-5359 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.
|
|||||
| CVE-2012-4603 | 2 Citrix, Microsoft | 3 Receiver, Xenapp Online, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.
|
|||||
| CVE-2012-4576 | 2 Debian, Freebsd | 2 Debian Linux, Freebsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
|
|||||
| CVE-2012-4524 | 2 Fedoraproject, Sillycycle | 2 Fedora, Xlockmore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
xlockmore before 5.43 'dclock' security bypass vulnerability
|
|||||
| CVE-2012-4438 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
|
|||||
| CVE-2012-4030 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.
|
|||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mono 2.10.x ASP.NET Web Form Hash collision DoS
|
|||||
| CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
cumin: At installation postgresql database user created without password
|
|||||