Max CVSS 10.0 Min CVSS 2.1 Total Count23
IDCVSSSummaryLast (major) updatePublished
CVE-2012-4558 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remo
07-12-2016 - 22:02 26-02-2013 - 11:55
CVE-2012-3499 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagema
07-12-2016 - 22:02 26-02-2013 - 11:55
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2013-0166 5.0
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2013-1775 6.9
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp t
28-11-2016 - 14:08 05-03-2013 - 16:38
CVE-2013-0308 4.3
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve
24-10-2016 - 21:59 08-03-2013 - 16:55
CVE-2013-1776 4.4
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via
08-09-2016 - 21:59 08-04-2013 - 13:55
CVE-2013-0338 4.3
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entit
16-06-2016 - 21:59 25-04-2013 - 19:55
CVE-2013-1864 4.3
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXM
14-01-2015 - 12:24 23-05-2014 - 10:55
CVE-2012-5621 5.0
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.
30-09-2014 - 14:52 29-09-2014 - 18:55
CVE-2013-0289 4.3
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary
27-06-2014 - 12:45 23-05-2014 - 10:55
CVE-2012-5560 2.1
The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.
24-06-2014 - 12:27 30-05-2014 - 10:55
CVE-2013-1763 7.2
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
16-05-2014 - 00:15 28-02-2013 - 14:55
CVE-2012-4544 2.1
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (
05-05-2014 - 01:14 31-10-2012 - 12:55
CVE-2013-0153 4.7
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt
19-04-2014 - 00:30 14-02-2013 - 17:55
CVE-2012-5634 6.1
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an
19-04-2014 - 00:28 14-02-2013 - 17:55
CVE-2012-5511 4.7
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
19-04-2014 - 00:28 13-12-2012 - 06:53
CVE-2013-1591 10.0
Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_s
30-01-2014 - 00:09 31-01-2013 - 18:55
CVE-2013-1643 5.0
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity
27-01-2014 - 23:51 06-03-2013 - 08:10
CVE-2013-1635 7.5
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggeri
27-01-2014 - 23:51 06-03-2013 - 08:10
CVE-2013-1824 4.3
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity
18-09-2013 - 13:01 16-09-2013 - 09:02
CVE-2013-0316 5.0
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.
28-03-2013 - 00:00 27-03-2013 - 17:55
CVE-2013-1049 10.0
Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.
19-03-2013 - 00:00 13-03-2013 - 23:13
Back to Top Mark selected
Back to Top