Total
9731 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0801 | 1 Moodle | 1 Moodle | 2024-02-28 | 7.5 HIGH | N/A |
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | |||||
CVE-2012-0160 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | |||||
CVE-2013-4339 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 7.5 HIGH | N/A |
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string. | |||||
CVE-2013-0867 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 9.3 HIGH | N/A |
The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access. | |||||
CVE-2013-5536 | 1 Cisco | 1 Secure Access Control System | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. | |||||
CVE-2013-1581 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 2.9 LOW | N/A |
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of service (loop) via a malformed packet. | |||||
CVE-2012-5787 | 1 Paypal | 1 Merchant Sdk | 2024-02-28 | 5.8 MEDIUM | N/A |
The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2013-2798 | 1 Selinc | 4 Sel-2241, Sel-3505, Sel-3530 and 1 more | 2024-02-28 | 4.7 MEDIUM | N/A |
Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | |||||
CVE-2013-1656 | 1 Spreecommerce | 1 Spree | 2024-02-28 | 4.3 MEDIUM | N/A |
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function. | |||||
CVE-2013-3045 | 1 Ibm | 1 Lotus Sametime | 2024-02-28 | 3.5 LOW | N/A |
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function. | |||||
CVE-2013-5045 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.2 MEDIUM | N/A |
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2012-1817 | 1 Emerson | 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. | |||||
CVE-2012-6073 | 2 Cloudbees, Jenkins | 2 Jenkins, Jenkins | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2012-6031 | 1 Xen | 1 Xen | 2024-02-28 | 4.7 MEDIUM | N/A |
The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
CVE-2011-2503 | 1 Systemtap | 1 Systemtap | 2024-02-28 | 3.7 LOW | N/A |
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization. | |||||
CVE-2012-5789 | 1 Paypal | 1 Payments Standard | 2024-02-28 | 5.8 MEDIUM | N/A |
PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value. | |||||
CVE-2013-3242 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.5 MEDIUM | N/A |
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors. | |||||
CVE-2013-7263 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | N/A |
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. | |||||
CVE-2012-0853 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2024-02-28 | 6.8 MEDIUM | N/A |
The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file. | |||||
CVE-2013-0713 | 1 Windriver | 1 Vxworks | 2024-02-28 | 6.8 MEDIUM | N/A |
IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request. |