Max CVSS 7.8 | Min CVSS 1.9 | Total Count 39
ID | CVSS | Summary | Last (major) update | Published
CVE-2013-3024 7.2
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
24-05-2018 - 17:29 24-05-2018 - 17:29
CVE-2013-2249 7.5
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote at
06-01-2017 - 21:59 23-07-2013 - 13:20
CVE-2013-1896 4.3
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han
06-01-2017 - 21:59 10-07-2013 - 16:55
CVE-2012-0883 6.9
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apach
06-01-2017 - 21:59 18-04-2012 - 06:33
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
06-01-2017 - 21:59 06-09-2011 - 15:55
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2013-2174 6.8
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string endi
28-11-2016 - 14:09 31-07-2013 - 09:20
CVE-2012-2110 7.5
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a de
22-08-2016 - 22:05 19-04-2012 - 13:55
CVE-2013-4116 3.3
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
23-04-2014 - 08:10 22-04-2014 - 10:23
CVE-2013-7340 4.3
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
24-03-2014 - 18:47 21-03-2014 - 00:38
CVE-2013-4113 6.8
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the
05-03-2014 - 23:47 13-07-2013 - 09:10
CVE-2013-1768 7.5
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for rem
03-01-2014 - 23:45 11-07-2013 - 18:55
CVE-2013-2231 7.2
Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, a
07-10-2013 - 10:11 01-10-2013 - 13:55
CVE-2013-4821 4.0
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors.
23-09-2013 - 19:16 23-09-2013 - 06:18
CVE-2013-0597 3.5
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspe
23-08-2013 - 09:15 21-08-2013 - 17:55
CVE-2013-2967 4.3
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web scri
23-08-2013 - 09:13 21-08-2013 - 17:55
CVE-2013-2976 1.9
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via
22-08-2013 - 10:53 21-08-2013 - 17:55
CVE-2013-2246 4.0
mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated
29-07-2013 - 00:00 29-07-2013 - 09:59
CVE-2013-2245 4.0
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitiv
29-07-2013 - 00:00 29-07-2013 - 09:59
CVE-2013-2244 4.3
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field.
29-07-2013 - 00:00 29-07-2013 - 09:59
CVE-2013-2243 4.0
mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.
29-07-2013 - 00:00 29-07-2013 - 09:59
CVE-2013-2242 4.0
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authe
29-07-2013 - 00:00 29-07-2013 - 09:59
CVE-2013-2364 3.5
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
26-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2359 4.0
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.
26-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2358 4.0
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360.
26-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2357 4.0
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.
26-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2012-5217 5.0
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355.
26-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2012-2336 5.0
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service
23-07-2013 - 05:39 11-05-2012 - 06:15
CVE-2012-2335 7.5
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c
23-07-2013 - 05:39 11-05-2012 - 06:15
CVE-2012-2329 5.0
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
23-07-2013 - 05:39 11-05-2012 - 06:15
CVE-2012-2311 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to exec
23-07-2013 - 05:39 11-05-2012 - 06:15
CVE-2013-2363 5.0
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356.
22-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2362 2.1
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.
22-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2361 4.3
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
22-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2360 4.0
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.
22-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2356 5.0
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363.
22-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-2355 5.0
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217.
22-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2013-0482 4.3
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the sig
31-05-2013 - 00:00 29-05-2013 - 10:29
CVE-2013-1236 7.8
Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and CSCuf79763.
16-05-2013 - 09:13 15-05-2013 - 23:36