Max CVSS: 10.0 | Min CVSS: 3.5 | Total Count: 51
ID | CVSS | Summary | Last (major) update | Published
CVE-2013-0399 6.6
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
09-11-2016 - 16:40 16-01-2013 - 20:55
CVE-2013-0400 6.6
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.
09-11-2016 - 16:40 16-01-2013 - 20:55
CVE-2012-1149 7.5
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a cra
30-08-2016 - 13:34 21-06-2012 - 11:55
CVE-2012-2375 4.6
The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by s
22-08-2016 - 22:05 13-06-2012 - 06:24
CVE-2012-2333 6.8
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified
22-08-2016 - 22:05 14-05-2012 - 18:55
CVE-2012-0884 5.0
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Millio
22-08-2016 - 22:05 12-03-2012 - 23:12
CVE-2012-2401 5.0
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy
05-05-2014 - 01:10 21-04-2012 - 19:55
CVE-2012-2134 4.3
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infinite loop and named server hang) via a non-alphabet c
10-03-2014 - 15:18 26-02-2014 - 10:55
CVE-2012-3112 4.3
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console.
10-10-2013 - 23:44 17-07-2012 - 19:55
CVE-2012-2139 5.0
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.
07-10-2013 - 12:18 18-07-2012 - 14:55
CVE-2012-2129 4.3
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.
02-09-2013 - 02:23 27-08-2012 - 17:55
CVE-2012-2942 5.1
Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of servic
21-08-2013 - 23:55 27-05-2012 - 16:55
CVE-2012-2311 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to exec
23-07-2013 - 05:39 11-05-2012 - 06:15
CVE-2012-2399 10.0
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML vi
19-07-2013 - 23:28 21-04-2012 - 19:55
CVE-2012-1823 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by
19-07-2013 - 23:27 11-05-2012 - 06:15
CVE-2012-1601 4.9
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
20-06-2013 - 23:10 17-05-2012 - 07:00
CVE-2011-4131 4.6
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
20-06-2013 - 23:06 17-05-2012 - 07:00
CVE-2012-2745 4.7
The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork s
18-04-2013 - 23:22 09-08-2012 - 06:29
CVE-2012-2123 7.2
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intend
14-02-2013 - 23:56 17-05-2012 - 07:00
CVE-2011-4086 4.9
The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux kernel before 3.3.1 does not properly handle the _Delay and _Unwritten buffer head states, which allows local users to cause a denial of service (system crash) by leveraging the
14-02-2013 - 23:50 03-07-2012 - 12:40
CVE-2011-3115 7.5
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger "type corruption."
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2011-3111 5.0
Google V8, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (invalid read operation) via unspecified vectors.
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2011-3108 10.0
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2011-3107 7.5
Google Chrome before 19.0.1084.52 does not properly implement JavaScript bindings for plug-ins, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors.
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2011-3106 10.0
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2011-3105 7.5
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-lett
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2011-3104 5.0
Skia, as used in Google Chrome before 19.0.1084.52, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2011-3103 7.5
Google V8, as used in Google Chrome before 19.0.1084.52, does not properly perform garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript cod
19-11-2012 - 23:35 24-05-2012 - 14:55
CVE-2012-2451 3.6
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE
06-11-2012 - 00:11 27-06-2012 - 17:55
CVE-2012-2144 6.8
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
30-10-2012 - 00:03 05-06-2012 - 18:55
CVE-2012-2140 7.5
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
30-10-2012 - 00:03 18-07-2012 - 14:55
CVE-2011-4460 6.5
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
29-10-2012 - 23:57 04-06-2012 - 15:55
CVE-2011-3114 7.5
Multiple buffer overflows in the PDF functionality in Google Chrome before 19.0.1084.52 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unknown function calls.
29-10-2012 - 23:55 24-05-2012 - 14:55
CVE-2011-3113 7.5
The PDF functionality in Google Chrome before 19.0.1084.52 does not properly perform a cast of an unspecified variable during handling of color spaces, which allows remote attackers to cause a denial of service or possibly have unknown other impact v
29-10-2012 - 23:55 24-05-2012 - 14:55
CVE-2011-3112 5.0
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an invalid encrypted document.
29-10-2012 - 23:55 24-05-2012 - 14:55
CVE-2011-3110 7.5
The PDF functionality in Google Chrome before 19.0.1084.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.
29-10-2012 - 23:55 24-05-2012 - 14:55
CVE-2011-1390 7.5
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-databas
29-10-2012 - 23:52 14-05-2012 - 18:55
CVE-2012-2128 6.8
** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed
26-10-2012 - 00:00 27-08-2012 - 17:55
CVE-2011-4459 3.5
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.
28-09-2012 - 23:13 04-06-2012 - 15:55
CVE-2011-4458 6.8
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than
28-09-2012 - 23:13 04-06-2012 - 15:55
CVE-2011-2085 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
28-09-2012 - 23:09 04-06-2012 - 15:55
CVE-2011-2084 4.0
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.
28-09-2012 - 23:09 04-06-2012 - 15:55
CVE-2011-2083 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
28-09-2012 - 23:09 04-06-2012 - 15:55
CVE-2011-2082 5.0
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext
28-09-2012 - 23:09 04-06-2012 - 15:55
CVE-2012-2337 7.2
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command
13-08-2012 - 23:37 18-05-2012 - 14:55
CVE-2012-2404 4.3
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
28-06-2012 - 23:48 21-04-2012 - 19:55
CVE-2012-2403 4.3
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
28-06-2012 - 23:48 21-04-2012 - 19:55
CVE-2012-2402 5.5
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
28-06-2012 - 23:48 21-04-2012 - 19:55
CVE-2012-2400 10.0
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.
28-06-2012 - 23:48 21-04-2012 - 19:55
CVE-2012-0708 9.3
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web pa
23-04-2012 - 00:00 22-04-2012 - 14:55
CVE-2011-0009 4.3
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
20-07-2011 - 00:00 25-01-2011 - 14:00