Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4329 | 1 Xen | 1 Xen | 2024-02-28 | 6.5 MEDIUM | N/A |
| The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. | |||||
| CVE-2013-3880 | 1 Microsoft | 3 Windows 8, Windows Rt, Windows Server 2012 | 2024-02-28 | 3.5 LOW | N/A |
| The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability." | |||||
| CVE-2012-0361 | 1 Cisco | 1 Ip Communicator | 2024-02-28 | 5.0 MEDIUM | N/A |
| The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. | |||||
| CVE-2012-1458 | 2 Clamav, Sophos | 2 Clamav, Sophos Anti-virus | 2024-02-28 | 4.3 MEDIUM | N/A |
| The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations. | |||||
| CVE-2012-3449 | 1 Openvswitch | 1 Openvswitch | 2024-02-28 | 3.6 LOW | N/A |
| Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. | |||||
| CVE-2012-2928 | 2 Atlassian, Gliffy | 3 Confluence Server, Jira, Gliffy | 2024-02-28 | 6.4 MEDIUM | N/A |
| The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | |||||
| CVE-2012-1453 | 13 Antiy, Ca, Drweb and 10 more | 14 Avl Sdk, Etrust Vet Antivirus, Dr.web Antivirus and 11 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2013-1696 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.0 MEDIUM | N/A |
| Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. | |||||
| CVE-2011-4583 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.5 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | |||||
| CVE-2012-6102 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.4 MEDIUM | N/A |
| lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | |||||
| CVE-2012-0793 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | N/A |
| Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | |||||
| CVE-2012-2561 | 1 Hp | 1 Business Service Management | 2024-02-28 | 10.0 HIGH | N/A |
| HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. | |||||
| CVE-2013-2786 | 1 Alstom | 2 Micom S1 Agile, Micom S1 Studio | 2024-02-28 | 6.6 MEDIUM | N/A |
| Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file. | |||||
| CVE-2012-2770 | 2 Bestpractical, Mike Peachey | 2 Rt, Authen\ | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user." | |||||
| CVE-2013-1768 | 1 Apache | 1 Openjpa | 2024-02-28 | 7.5 HIGH | N/A |
| The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs. | |||||
| CVE-2012-2203 | 1 Ibm | 3 Global Security Kit, Rational Directory Server, Tivoli Directory Server | 2024-02-28 | 7.5 HIGH | N/A |
| IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate. | |||||
| CVE-2013-5190 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | N/A |
| Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. | |||||
| CVE-2013-1214 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2024-02-28 | 5.0 MEDIUM | N/A |
| The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. | |||||
| CVE-2013-1027 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | N/A |
| Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2013-6400 | 1 Xen | 1 Xen | 2024-02-28 | 6.8 MEDIUM | N/A |
| Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors. | |||||