Total
264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0957 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
| The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | |||||
| CVE-2013-0118 | 1 Cs-cart | 1 Cs-cart | 2024-02-28 | 5.0 MEDIUM | N/A |
| CS-Cart before 3.0.6, when PayPal Standard Payments is configured, allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self. | |||||
| CVE-2012-3276 | 1 Hp | 1 Openvms | 2024-02-28 | 2.1 LOW | N/A |
| HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2011-1164 | 1 David King | 1 Vino | 2024-02-28 | 4.6 MEDIUM | N/A |
| Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks. | |||||
| CVE-2013-3051 | 2 Motorola, Qualcomm | 5 Android, Atrix Hd, Razr Hd and 2 more | 2024-02-28 | 6.2 MEDIUM | N/A |
| The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596. | |||||
| CVE-2012-1909 | 1 Bitcoin | 2 Bitcoin Core, Wxbitcoin | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction. | |||||
| CVE-2013-0683 | 2 Cogentdatahub, Microsoft | 5 Cascade Datahub, Cogent Datahub, Datahub Quicktrend and 2 more | 2024-02-28 | 7.1 HIGH | N/A |
| The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command. | |||||
| CVE-2012-2351 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-02-28 | 5.0 MEDIUM | N/A |
| The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | |||||
| CVE-2013-4316 | 2 Apache, Oracle | 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
| Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | |||||
| CVE-2012-5770 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-28 | 5.8 MEDIUM | N/A |
| The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack. | |||||
| CVE-2012-5634 | 1 Xen | 1 Xen | 2024-02-28 | 6.1 MEDIUM | N/A |
| Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. | |||||
| CVE-2011-2730 | 1 Springsource | 1 Spring Framework | 2024-02-28 | 7.5 HIGH | N/A |
| VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." | |||||
| CVE-2012-4690 | 1 Rockwellautomation | 3 Ab Micrologix Controller, Plc-5 Controller, Slc 500 Controller | 2024-02-28 | 7.1 HIGH | N/A |
| Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. | |||||
| CVE-2013-2205 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 4.3 MEDIUM | N/A |
| The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
| CVE-2013-0253 | 1 Apache | 2 Maven, Maven Wagon | 2024-02-28 | 5.8 MEDIUM | N/A |
| The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack. | |||||
| CVE-2011-4585 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | N/A |
| login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. | |||||
| CVE-2009-5119 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2024-02-28 | 4.3 MEDIUM | N/A |
| The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. | |||||
| CVE-2009-5120 | 1 Websense | 2 Websense Web Filter, Websense Web Security | 2024-02-28 | 4.3 MEDIUM | N/A |
| The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port. | |||||
| CVE-2011-2395 | 1 Cisco | 1 Ios | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | |||||
| CVE-2010-4021 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 2.1 LOW | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." | |||||